The FBI says hackers used social engineering techniques on a “semi-privileged” Yahoo employee in order to break into the company’s systems and access 500 million user accounts.
In an interview with Ars Technica, FBI agent Malcolm Palmore said the hackers were able to use a “spear phishing” email to gain the Yahoo employee’s credentials. Spear phishing emails can encompass various techniques designed to trick the recipient into giving up their personal information. Phishing emails usually appear to come from a trusted source.
One of the most famous recent cases of phishing was when former Hillary Clinton campaign manager John Podesta fell victim to such an email, causing his private messages to leak.
The US Department of Justice released an indictment Wednesday charging two Russian intelligence agents and two others in connection with the 2014 hacks that compromised 500 million Yahoo user accounts. The DOJ says the two members of Russia’s FSB intelligence agency, Dmitry Dokuchaev and Igor Sushchin, “protected, directed, facilitated, and paid” the other two hackers to break into the Yahoo accounts.
The attack was separate from another one in 2013 that compromised 1 billion Yahoo accounts; no one has been blamed for that attack yet.