March 16, 2017

DoJ says 4 indicted in hack of Yahoo accounts

A grand jury in the Northern District of California has indicted four defendants, including two officers of the Russian Federal Security Service (FSB), for crimes involved in the hacking of more than 500 million Yahoo accounts, the Justice Department said Wednesday.

The indictment cites computer hacking, economic espionage and other criminal offenses in connection with a conspiracy, beginning in January 2014, to access Yahoo's network and the contents of webmail accounts, DoJ reported.

Yahoo last December issued a warning to users that it believed that an unauthorized third party stole data related to more than 1 billion user accounts.

In Wednesday's announcement, DoJ said the indictment cited more than 500 million victims whose Yahoo account information was stolen by defendants, more than 30 million accounts that were accessed without authorization to facilitate a spam campaign; and at least 18 additional users at other webmail providers whose accounts were accessed without authorization.

It said the alleged conspiracy began at least as early as 2014. Even though the conspirators lost their access to Yahoo's networks in September 2016, it said, they continued to utilize information stolen from the intrusion up to and including at least December 2016.

News of the hack emerged in news reports last December, and NAFCU President and CEO Dan Berger reiterated the association's call for a national data security standard like the one currently followed by credit unions and banks under the Gramm-Leach-Bliley Act.

Brian Krebs reported and provided analysis of the Justice Department's announcement Wednesday.