Let's talk about the hack on Yahoo. In the digital world, it only takes one click to bring down or irreparably damage businesses large and small.

Did you know that Yahoo was not the victim of some sophisticated attack by a ninja hacker, and that a simple spear-phishing attack was the only weapon used in the largest data breach in history?

Yes, one of Yahoo's employees fell victim to a simple phishing attack by clicking on a malicious link sent to him by the hackers. With this one click they managed to gain access to the company's internal networks.

Phishing attacks are used to steal user names and passwords. Spear-phishing is a targeted form of phishing in which attackers who want to gain access to a company target its employees in order to steal their credentials.

Usually, opening a malicious attachment is enough to lose a lot of personal data from the victim's computer. If the victim has also stored on his computer access credentials to the systems of the company he works for, we have the Yahoo effect.

According to the FBI's indictment, the massive interception of Yahoo's data came down to human error.

On Wednesday, the US government indicted two Russian spies (Dmitry Dokuchaev and Igor Sushchin) and two hackers (Alexsey Belan and Karim Baratov) for the 2014 Yahoo hack, which leaked some 500 million user accounts.

The indictment provides several details about the hack of 2014, and FBI officials recently provided new insight into how the two Russian Federal Security Service (FSB) officers hired two hackers to gain initial access to Yahoo in early 2014.

Let's see how the Yahoo hack happened:

The attack began in early 2014 with a spear-phishing email sent to "semi-privileged" Yahoo employees rather than to top executives.

Although it is not clear how many Yahoo employees received the email, it only took one click on the malicious attachment or a link for the attackers to gain access to Yahoo's internal networks.

Alexsey Belan, who is already on the FBI's list of Most Wanted hackers, began exploring the network and, according to the FBI, discovered two key elements:

  • Yahoo's User Database (UDB) (a database containing personal information about all Yahoo users).
  • And the Account Management Tool - an administrative tool used to process the database.

Belan used the file transfer protocol (FTP) to download Yahoo's database, which contained names, phone numbers, security questions and answers, and worse, password recovery emails that had a cryptographic value unique to each Yahoo account.

With the account recovery messages and unique encryption values, Belan and Baratov gained access to the accounts of the specific users that Russian spies Dokuchaev and Sushchin wanted.

Once the accounts were located, the hackers used the stolen encryption values, called "nonces", to create forged access cookies for those user accounts, giving FSB agents access to the users' email accounts without the need for a password.

According to the FBI, these cookies created between 2015 and 2016 gave them access to "more than 6,500 Yahoo accounts."
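Because a forged cookie gets in without a password login, one defensive check is to reconcile every cookie presented to the mail service against the cookies the login service actually issued. The sketch below is an added example, not taken from the indictment or from Yahoo; the record fields, function names and sample events are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

def fingerprint(cookie_value: str) -> str:
    """Log a truncated hash of the cookie, never the usable cookie itself."""
    return hashlib.sha256(cookie_value.encode()).hexdigest()[:16]

@dataclass(frozen=True)
class Issuance:      # hypothetical record written after a successful password login
    account: str
    cookie_fp: str
    issued_at: int   # epoch seconds
    expires_at: int

@dataclass(frozen=True)
class Request:       # hypothetical record written for each cookie-authenticated request
    account: str
    cookie_fp: str
    ts: int
    src_ip: str

def find_suspect_requests(issuances, requests):
    """Return (request, reason) pairs for cookies that were never issued
    to that account or that are used outside their recorded lifetime."""
    issued = {(i.account, i.cookie_fp): i for i in issuances}
    suspects = []
    for r in requests:
        rec = issued.get((r.account, r.cookie_fp))
        if rec is None:
            suspects.append((r, "no issuance record"))
        elif not rec.issued_at <= r.ts <= rec.expires_at:
            suspects.append((r, "outside cookie lifetime"))
    return suspects

# Constructed sample events (made-up accounts, documentation IP ranges).
ISSUANCES = [
    Issuance("alice", fingerprint("cookie-A1"), 1000, 5000),
    Issuance("bob", fingerprint("cookie-B1"), 1200, 5200),
]
REQUESTS = [
    Request("alice", fingerprint("cookie-A1"), 1500, "198.51.100.7"),  # normal use
    Request("bob", fingerprint("cookie-X9"), 1600, "203.0.113.44"),    # never issued
    Request("alice", fingerprint("cookie-A1"), 9000, "198.51.100.7"),  # after expiry
    Request("bob", fingerprint("cookie-B1"), 1300, "198.51.100.9"),    # normal use
]

if __name__ == "__main__":
    for req, reason in find_suspect_requests(ISSUANCES, REQUESTS):
        print(f"{req.account} from {req.src_ip} at {req.ts}: {reason}")
```

For this check to hold up, the issuance log has to be stored separately from the user database, so that access to the database does not also give access to the log.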

Who the Russian spies wanted:

According to the indictment, in addition to foreign webmail service providers, the Russian spies gained access to Yahoo accounts belonging to:

  • An assistant deputy to the president of Russia.
  • An officer of the Russian Ministry of Interior.
  • An instructor working at the Ministry of Sport of Russia.
  • Russian journalists.
  • Officials of states bordering Russia.
  • US government employees.
  • An employee at a Swiss Bitcoin wallet company.
  • An employee of a US airline.

FBI Special Agent John Bennett said in a press conference that Yahoo first approached the FBI in 2014 about the hack and that they were "great partners" during their investigation.

However, the company only announced the hack two years later, in December 2016, telling hundreds of millions of its customers to change their passwords.