The U.S. Department of Justice is gearing up to issue indictment orders against four hackers involved in cyber attacks against Yahoo which affected hundreds of millions of users worldwide, reports Bloomberg.

The department is charging four people for their role in the data breach against Yahoo which almost derailed its deal with Verizon. In an unconfirmed report, TechCrunch reports that these indictments could be related to 2014 breach in which 500 million accounts were stolen, the same breach defined by Yahoo as an attack by a ‘state-sponsored actor.’

More: Why and how to delete your Yahoo email account permanently

An anonymous source familiar with the proceedings told Bloomberg that one of the hackers resides in Canada, who can be arrested by next Tuesday, while the other three are currently in Russia.

For last few years, Yahoo Inc. has been under large-scale cyber attacks starting from 2012, when hackers from Deed Company stole 435,000 Yahoo emails along with their plain text passwords and dumped them online for anyone to download. In 2016, a hacker going by the online handle of Peace_of_Mind was selling 200 million Yahoo user data on a dark web marketplace.

It was because of these cyber attacks the US Congress hammered and dumped Yahoo mail for its inefficiency in preventing phishing attempts. In 2013, the company suffered another data breach in which 1 billion user accounts were stolen. The embarrassment does not end here; last year an insider revealed that Yahoo built software to secretly scan user emails for the NSA. Also, last month Yahoo announced that between 2015 and 2016 potentially malicious activity was observed on the website caused by the use of Forged Cookies.

The nonstop data breach revelations almost sabotaged deal between Yahoo and Verizon Communications in which the former was supposed to sell its email service, mobile apps, and websites to the latter. Yahoo is also facing lawsuits against these breaches, and it costs the firm some big bucks.

This is not the first time when US authorities are going after hackers involved in large-scale data breaches. Last year, a Russian hacker involved in the massive LinkedIn 117 million account data breach was arrested and charged in Prague.

At the time of publishing this article, there were about 1 million decrypted Gmail and Yahoo accounts being sold on the dark web.

Source: Bloomberg | Arrest Illustration Credit: Maria Jose Mosquera/ArtWanted


DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.