Yahoo customers suffered the largest data breaches in history by some measures. But a decade on, experts warn, we still haven't learned our lesson.
January 2, 2024 By Nate Nelson
In September 2016, Yahoo copped to a breach of 500 million user records. Even today it's one of the top five biggest data breaches in history by sheer volume, yet it's only Yahoo's second biggest.
Andrew Komarov already knew by September of that year that Russian cybercriminals were in possession of hundreds of millions of Yahoo accounts. The Arizona-based CIO told the press at the time that a posse called "Group E" was selling the accounts en masse on the Dark Web at a price tag of $300,000. What he only learned later is that the contents of that breach, and the data being sold by Group E, were inconsistent. In fact, he'd been tracking an entirely separate breach, which turned out to have compromised three billion accounts, making it four times larger than the second largest data breach in history.
Even that wasn't the whole story. By that point, yet more cybercriminal entities — and intelligence agencies belonging to at least three separate nations — had been running loose inside of Yahoo's IT systems for years.
