InfoArmor chief intelligence officer Andrew Komarov confirmed that a group was selling complete copies of Yahoo database on dark websites. He called the seller as Group E. According to Komarov, the selling was money motivated and nothing to do with politics. InfoArmor is an Arizona cybersecurity firm that monitors internet websites, where criminals, spies and spammers inhabited.
Group E sells complete copies of the hacked records and it sometimes combined information into a master database. It also peddles data to spammers that will use it to send information to specific audiences. Sometimes, the group operates through intermediaries.
The group was also believed to have broken the systems including LinkedIn, Dropbox, Myspace and Tumblr. It was also believed that Russian social network Vkontakte was hacked by the group.
The selling activity was first monitored in August where three buyers paid about US$300,000 (AU$408,000) each for a complete copy of the database. The buyers were identified as two known spammers and an entity interested in espionage.
In October, Hold Security confirmed that hackers were trying to sell the stolen Yahoo records for about US$200,000 (AU$272,000). The firm also monitored dark websites' activities.
The price dropped to US$20,000 (AU$40,800) from US$50,000 (AU$68,000) because the information became less valuable as Yahoo already changed the passwords.
Hold Security chief executive Alex Holden said the sellers were offering samples of stale information from the 2013 Yahoo database. According to the sellers, they were able to access the database through an intermediary at Department K. The department was part of the Russian Interior Ministry combatting high-tech crimes.
Komarov said that the copy of records obtained by their company were provided to military and law enforcement authorities in several countries including the United States, Australia, Britain, Canada and the European Union. The authorities confirmed the authenticity of the records and some raised their concerns to Yahoo. The website company still does not know the entity responsible for the hacking.