Your Yahoo e-mail account hasn’t only been compromised, it may already be in the hands of cyber criminals. Andrew Komarov, InfoArmor’s Chief Intelligence Officer (CIO), has reported that the hacked Yahoo database was sold for a hefty sum on the Dark Web. In case you’re wondering, the Dark Web is the part of the Internet where spammers, spies, and crooks roam free. Obviously, it’s the last place where you’d want your email credentials and personal info to be.

Yahoo Database on Sale

According to the security firm’s top-ranked official, a hacking collective based in Eastern Europe began selling the hacked Yahoo data in August of last year. He reveals that it would cost interested parties as much as $300,000 to obtain a complete copy of the valuable database. Since then, the data has been sold to at least three different buyerstwo spammers and a possible state spy.

Komarov also reports that two of the buyers were prominent spammers while the third may have been an intelligence agency. The third known buyer reportedly requested details of US and foreign government officials before buying the hacked database. In the process, the Arizona-based cyber security firm intercepted a copy of the sold data.

Ensuing Investigation

After intercepting a copy of the Yahoo database, InfoArmor reported its findings to the US government. It was revealed that the intercepted data contained sensitive information that included accounts belonging to FBI agents, White House personnel, NSA (National Security Agency) operatives, and military officials.  

Not only that, but Komarov also informed various authorities about the breach, including those in countries like Australia, Britain, Canada, and the European Union. Apparently, the parties were able to verify the authenticity of the stolen records and expressed their concerns to Yahoo. With various governments deeply alarmed by the incident, the tech giant immediately probed into the matter.

In September of last year, a month after the initial investigation, the company publicly admitted suffering a major breach.  

Report Inconsistencies

After Yahoo’s public acknowledgment, Komarov tells Bloomberg that something was still amiss from the company’s official statement. He said that the Yahoo database he obtained from the Dark Web was different from the copy Yahoo divulged to the media. The cyber security official suspected that the data breach could be far worse.

After alerting authorities of the possibility of a second breach, the tech giant later admitted it suffered a far worse data breach. In a statement, Yahoo said it didn’t know the hacker’s identity but suspected it to be a “state-sponsored actor”.

Verizon Deal Endangered

InfoArmor did approach the tech giant using an intermediary as it caught wind of the massive hack. Komarov revealed that Yahoo was dismissive of the security firm’s claims, though. As it turns out, the company was careful not to endanger its plan to sell its Internet business to Verizon Communications.

The deal had been estimated to be worth $4.8 billion and the news of the breach expectedly threatened it. With Yahoo’s swift resolution on the matter and its public disclosure, though, the company may have potentially saved its chances to make Verizon’s takeover successful. Nothing is set in stone yet, though.

Hacked Database Devalues

As news of the massive Yahoo hack became public, Komarov reports that the compromised database is still up for sale. The data is much less valuable with Yahoo doing the necessary mitigating measures, though. Current bids are coming in at $20,000 to $50,000, but he reveals that there’s an even bigger interest in the data than ever before.

It goes without saying that you need to secure your account ASAP. That or you could think about making switch to a new email service. If you’re sticking it out with Yahoo, here are security measures you may do: 

Securing Your Yahoo Mail Further

1. Set up two-factor authentication

It may be a pain, but this is the best way to secure your account. After you add two-step verification, you can only open your account each time using the unique login code sent to your smartphone via SMS. In other words, you’re making your password virtually useless to hackers.

2. Change password

Don’t wait for Yahoo to notify you to change your password. Do it immediately for your own peace of mind. For good measure, change every password to every account you’ve registered using your Yahoo account, too. Cyber crooks are inevitably in hot pursuit of such valuable credentials. 

3. Disable security questions

When your Yahoo account continues to ask you for your security questions, disable them immediately. Keep in mind, Yahoo is pushing for users to use its Account Key service in place of this security feature. They will, and they should, phase out security questions, after all. 

If it’s too tedious remembering strong passwords, we recommend that you use the best password managers. They’re easy to set up and takes all the hassle out of logging into every online account you own.

You reading this post probably means you’re sticking it out with the perpetually beleaguered email service provider. Although the latest news on the compromised Yahoo database will only bring more worries, rest easy when you know you’ve done your part to protect your email account.