Same hacker collective may be behind the biggest data breaches

You know that Yahoo breach that just happened recently? The one where 500 million credentials were stolen? Well, a highly respected security researcher claims the hack was done by the same group that breached MySpace, LinkedIn, Badoo, VK.com, and a few others.

The researcher in question is Andrew Komarov, and he told The Register that not only did the same group do all these things, but the number of breached Yahoo accounts is probably a billion. Double what was reported. Komarov says the group, referred to as "Group E", is a "small Eastern European hacking outfit" that makes money by hacking big companies and selling their data to whoever is willing to pay.

In the case of Yahoo, the data was sold to an "unnamed nation-state actor group", through a broker. According to Komarov, the broker goes by the name Tessa88 and is a Russian-speaking criminal. On September 22, 2016, the news of Yahoo being breached detonated across the web. It was reported that the breach actually occurred back in 2014, and that "at least" 500 million user account credentials were stolen.

Names, email addresses, telephone numbers, birthdays, even hashed passwords and some "encrypted or unencrypted security questions and answers", were among the data taken. Banking and credit card data were safe, apparently. Interestingly enough, a hacker who goes by the name Peace (Peace_of_mind) tried to sell the data online.

That’s the same person who tried to sell a bunch of other data, including MySpace and LinkedIn.

Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.

Image Credit: Brian Klug / Flickr