Yahoo billion-user database was sold thrice on dark web for $300,000

Late last week Yahoo received a lot of bad press as the company announced it was the victim of an extremely large hack in August 2013 that resulted in the breach of data of more than one billion users. The incident was discovered during the investigation of a previously announced hack that saw over 500 million accounts breached in late 2014. Being the victim of the two largest publicly-disclosed hacks in history is definitely not something to be proud about.

The Inquirer offers an update and notes the one billion Yahoo user accounts were reportedly sold on the dark web for $300,000, or a mere $0.0003 per account. Andrew Komarov, chief intelligence officer at InfoArmor, claims two known spammers and an entity that appeared more interested in espionage paid the full amount for the huge database.

The hackers are still offering the database for sale but bids have plunged to as low as $20,000 as Yahoo forced a password reset. Komarov claims the hack is a giant privacy and security nightmare, not in the least because it went undetected for over three years. He also adds it could have national security implications as many of the hacked accounts belong to people with important positions in government or the military:

Komarov told Bloomberg that more than 150,000 US government and military employees' details were also found in the database, which means that hackers could target those users' accounts to threaten national security.

These accounts reportedly belong to current and former White House staff, congressmen and their aides, FBI agents, officials at the National Security Agency, the Central Intelligence Agency, the Office of the Director of National Intelligence, and each branch of the US military.