Jordan Robertson reports yet another worrying aspect to the newly disclosed Yahoo! breach affecting 1 billion users: government employee accounts were involved, and at least one buyer of the database specifically asked about government officials as to whether their data was in the database. Some snippets from his reporting:
More than 150,000 U.S. government and military employees are among the victims of Yahoo! Inc.’s newly disclosed data breach, and their names, passwords, telephone numbers, security questions, birth dates, and backup e-mail addresses are now in the hands of cybercriminals.
[…]
The information about the government employees comes from a cyber-security researcher, Andrew Komarov, who discovered a stolen database of Yahoo user information involving hundreds of millions of accounts and turned it over to the government, which in turn alerted Yahoo.
[…]
Komarov said the group selling the database he acquired are professional cybercriminals who sell mostly to spammers, leading him to conclude that a nation was not behind this crime. The hackers are Eastern European and Komarov said based on their communications he suspects they may have never met in person. They are prolific hackers, picking major e-mail providers and social media sites to target based on how much they can sell the logins for. Their operations have netted more than 3.5 billion records from companies including MySpace, Dropbox and VK.com, a popular Russian social networking site.
Read more on Bloomberg.