The passwords do not work, but the dates of birth, telephone numbers and security questions could still be useful to an adept cyberthief, a New York Times report said.
US Federal prosecutors unsealed indictments this week against four Russian men, including two hackers and two intelligence officers, responsible for a 2014 intrusion into Yahoo’s systems that affected 500 million user accounts.
Despite this, data on one billion accounts – stolen in another attack on the company in 2013 – appeared to remain available on underground hacker forums on Friday, the NYT report added.
The authorities were tight-lipped about their investigation of the 2013 attack, which is the largest known breach of a private company’s computer systems. The 2014 hacking of Yahoo’s servers is the second largest.
“We’re not willing to comment right now if there is a connection between the two investigations,” Malcolm Palmore, who oversees the Federal Bureau of Investigation’s cybersecurity division in San Francisco, said on Wednesday in a brief interview after the government unveiled the indictments.