The hacker behind the 2014 Yahoo Emails attack, Karim Baratov, a Canadian citizen, was finally apprehended and has pleaded guilty to participating directly in the massive email breach.
In October 2017, Yahoo admitted that three billion user accounts were compromised – the equivalent of half the people on Earth – in a 2014 hack. That included almost every user at the time of the leak.
The leaked information included some of the most personally identifiable information about each user, including their usernames, passwords, telephone numbers and birthdates. Experts had already warned that it was sensible to presume that those details had been leaked, and protect them accordingly.
Yahoo was already facing at least 41 consumer class-action lawsuits in US federal and state courts.
Karim Baratov appeared in federal court in San Francisco and pleaded guilty to the hacking activity targeting Yahoo Emails. Additionally, Baratov claimed that he collaborated with the Federal Security Service of the Russian Federation (FSB).
Baratov claimed that after stealing a half-billion user accounts, he sent their passwords to Dmitry Aleksandrovich Dokuchaev, an alleged FSB officer who is already on the FBI’s wanted list. Besides Dokuchaev, Alexsey Belan and Igor Anatolyevich Sushchin, who are both Russian citizens, are also wanted by the FBI in connection with the Yahoo breach. It is, however, impossible as of the moment for the three agents to be caught by US authorities.
Since the Yahoo attack was sponsored by Russian Intelligence, the admission of Karim Baratov, although it follows due process, cannot be taken as true outright. He could be a sacrificial lamb, confessing in exchange for compensation, and might simply be misleading the authorities about the whereabouts of the other collaborators. A hasty admission by the accused to such a large crime is highly unlikely.
Given the extent of the breach, users are advised to closely monitor their bank accounts, credit reports and any other financial accounts that may have been linked with their Yahoo email account. Suddenly receiving credit cards in the mail that users did not apply for, or receiving unwarranted calls from debt collectors for goods, are signs that the leaked information is being used by attackers.