Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

UK Man Involved in 2012 Yahoo Hack Sentenced to Prison

The U.K. National Crime Agency (NCA) announced last week that one of the members of an international cybercrime group has been given a two-year jail sentence.

The U.K. National Crime Agency (NCA) announced last week that one of the members of an international cybercrime group has been given a two-year jail sentence.

The individual, 23-year-old Nazariy Markuta from London, is believed to be a member of a hacker collective known as “D33Ds Company.” In 2012, the group leaked more than 450,000 email addresses and passwords from Yahoo’s Contributor Network.

The NCA has not named the affected company in its press release and instead referred to it as a “major Silicon Valley firm.”

An investigation conducted by the British law enforcement agency in collaboration with the FBI led to the identification of Markuta, who is believed to be a key member of D33Ds Company.

The man was arrested at his home in North-West London in March 2015. At the time of his arrest, agents discovered thousands of payment card records in his possession. Investigators determined that, between 2012 and 2014, he leveraged SQL injection vulnerabilities to also breach the systems of a video game reseller and an SMS messaging service.

Markuta had pleaded guilty to eight counts related to hacking and fraud – crimes covered by the Serious Crime Act 2007, the Computer Misuse Act 1990 and the Fraud Act 2006. He has been sentenced to a total of more than 11 years, but he will only spend up to two years in prison since it’s a concurrent sentence.

The fact that one of the individuals who hacked its systems back in 2012 has been sentenced to prison is likely of little comfort to Yahoo these days. Two other data breaches suffered by the company have come to light over the past weeks, shortly after Verizon agreed to buy its core business for $4.8 billion.

In early August, a hacker offered to sell the credentials of 200 million users allegedly stolen from Yahoo back in 2012. Then, last week, Yahoo admitted suffering a massive data breach in 2014, when attackers believed to be sponsored by a nation state accessed information associated with at least 500 million user accounts.

Advertisement. Scroll to continue reading.

It’s still unclear who is behind the 2014 attack, but experts have speculated that it could be Russia, China or even North Korea.

Related Reading: Celebrity Email Hacker Sentenced to 6 Months in Prison

Related Reading: Romanian Hacker “Guccifer” Sentenced to Prison in US

Related Reading: Kosovo Hacker Linked to IS Group Gets 20 Years in U.S. Prison

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

The State of Vermont has appointed John Toney as the state’s new CISO.

More People On The Move

Expert Insights

Related Content

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

CISO Strategy

The SEC filed charges against SolarWinds and its CISO over misleading investors about its cybersecurity practices and known risks.

Cybercrime

A global cyber espionage campaign has resulted in the networks of many organizations around the world becoming compromised after the attackers managed to breach...

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...