The Yahoo data breach was one of the biggest cyberattacks in history, affecting 3 billion accounts. It was carried out by Russian state-sponsored hackers and criminals in 2013 and 2014 but wasn’t revealed until years later. Hackers stole personal details like emails, passwords, and security questions. They used phishing emails and forged cookies to break into accounts. The attack was motivated by espionage and financial gain.
The attack was carried out by state-sponsored hackers linked to Russia. The U.S. government later charged four individuals, including two Russian intelligence officers and two criminal hackers.
Yahoo suffered two major breaches. In 2013, all 3 billion user accounts were compromised. In 2014, another breach affected 500 million users. Stolen data included names, email addresses, phone numbers, dates of birth, hashed passwords, and security questions.
The breaches occurred in 2013 and 2014 but were only disclosed in 2016 and 2017. Yahoo, a U.S.-based company, was the target.
The hackers were motivated by espionage and financial gain. Russian intelligence officers wanted access to accounts for surveillance, while the criminal hackers used stolen data for profit.
The hackers used phishing emails to trick employees into revealing credentials. They then installed malware and created forged cookies, allowing them to access user accounts without passwords.