WASHINGTON - The massive theft of Yahoo user data disclosed last week came from "professional" hackers seeking to profit from the breach, according to an analysis by security researchers.
The analysis published Wednesday by the security firm InfoArmor, which claims to have seen some of the data, contrasts with Yahoo's claim that the attack was likely "state-sponsored," but did suggest that stolen data was sold to a state-sponsored group at one point.
"Yahoo was compromised in 2014 by a group of professional blackhats (hackers) who were hired to compromise customer databases from a variety of different targeted organizations," the report said.
The researchers said the first mention of Yahoo data for sale on "dark" online markets occurred in April 2016.
They added that the vast majority of the data "is not legitimate," and includes invalid, deleted and nonexistent accounts but that the attackers "misrepresented this data set in order to sensationalize and sell it for the purpose of monetizing" the data.
The hackers sold the data to "a state-sponsored party who had interest in exclusive database acquisition" and also to "cybercriminals who planned to use the data for spam campaigns against global targets."
The hack occurred in late 2014 affecting some 500 million users worldwide, according to Yahoo's disclosure last week.
It was not immediately clear if the disclosure would affect the sale of Yahoo's core business to telecom group Verizon for US$4.8 billion (S$6.6 billion).
The news has drawn criticism from US lawmakers who question why it took Yahoo two years to publicly disclose the breach.
"We are even more disturbed that user information was first compromised in 2014, yet the company only announced the breach last week," said a letter to Yahoo signed by six US senators
"Consumers put their trust in companies when they share personal and sensitive information with them, and they expect all possible steps be taken to protect that information."