

Two Russian intelligence agents were involved in the theft of 500 million Yahoo user accounts in 2014, according to charges announced today (Mar. 15) by the United States Justice Department. In its press release, the department provided a rare glimpse into what was actually done with the data—which included encrypted passwords, names, email addresses, telephone numbers, and birth dates—after it was stolen.
The defendants, who in addition to the Russian agents include a Russian national and a dual citizen of Canada and Kazakhstan, used the stolen Yahoo accounts “to obtain unauthorized access to the contents of accounts at Yahoo, Google $GOOGL and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies.”
One of the defendants, according to the release, also searched the compromised accounts for emails that contained credit card numbers, and also helped to steal the contacts from such accounts for use in an email spam campaign.
The Yahoo data breach, which was announced in September 2016—two years after it occurred—is one of the largest known thefts of sensitive records. Yahoo made the announcement after samples of the stolen data began appearing online in underground hacker forums. The company said it believed the attack was state-sponsored, but did not provide further details. (Yahoo subsequently disclosed in December a separate attack that compromised more than 1 billion accounts.)
The four defendants include:
In total, the four defendants face 47 charges: