Michael Kan, writing for PC World:
Yahoo has blamed state actors for the attack, but it was actually elite hackers-for-hire who did it, according to InfoArmor, which claims to have some of the stolen information.
The independent security firm found the alleged data as part of its investigation into “Group E,” a team of five professional hackers believed to be from Eastern Europe.
It’s currently unclear how reliable InfoArmor’s analysis is:
Vitali Kremez, a cybercrime analyst at Flashpoint, is more skeptical of InfoArmor’s findings. “They might have jumped the gun too early on this,” he said.
He questioned discrepancies between the database that InfoArmor obtained and what Yahoo said was stolen. For example, Yahoo said passwords hashed with the bcrypt algorithm and security questions may have been lifted as part of the breach. The data InfoArmor uncovered only contains passwords hashed with the MD5 algorithm, and no mention of security questions, he said.
Yahoo’s announcement of the leaks only said that “the vast majority” of passwords were hashed with bcrypt. It’s possible that InfoArmor’s subset of data is just the first few million database rows, which would likely be the older accounts — I suspect those would use MD5.