FBI: Russian hackers likely used a simple phishing email on a Yahoo employee to hack 500 million user accounts


Marissa Mayer


Yahoo CEO Marissa Mayer.

The FBI says hackers used social engineering techniques on a "semi-privileged" Yahoo employee in order to break into the company's systems and access 500 million user accounts.


In an interview with Ars Technica, FBI agent Malcolm Palmore said the hackers were able to use a "spear phishing" email to gain the Yahoo employee's credentials. Spear phishing emails can encompass various techniques designed to trick the recipient into giving up their personal information. Phishing emails usually appear to come from a trusted source.

One of the most famous recent cases of phishing was when former Hillary Clinton campaign manager John Podesta fell victim to such an email, causing his private messages to leak.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

The US Department of Justice released an indictment Wednesday charging two Russian intelligence agents and two others in connection with the 2014 hacks that compromised 500 million Yahoo user accounts. The DOJ says the two members of Russia's FSB intelligence agency, Dmitry Dokuchaev and Igor Sushchin, "protected, directed, facilitated, and paid" the other two hackers to break into the Yahoo accounts.

The attack was separate from another one in 2013 that compromised 1 billion Yahoo accounts, however no one has been blamed for that attack yet.


So what did the hacker do once they gained access? Read more about the timeline of the data breach here.

NOW WATCH: This animation shows how terrifyingly powerful nuclear weapons have become