Skip to main content

The Globe and Mail

How a group of hackers compromised Yahoo's network

Karim Baratov, who was born in Kazakhstan but has Canadian citizenship, has been charged with two Russian spies and another criminal hackers for allegedly pilfering 500 million Yahoo user accounts in 2014.


In 2014, the Russian hacker Alexsey Alexseyevich Belan, who was already on the FBI Cyber's Most Wanted list, gained unauthorized access to Yahoo's network.

He stole a copy of Yahoo's user database, which has 500 million subscriber records containing information such as names, recovery e-mail accounts and phone numbers.

He also gained access to Yahoo's account-management tool, which allowed him and his co-conspirators to locate Yahoo e-mail accounts of interest and create bogus cookies to access at least 6,500 accounts.

Story continues below advertisement

The hackers then looked for users who had provided a recovery e-mail account, because many of those alternate e-mail addresses were corporate accounts. The hackers were thus able to identify people to target. Among the victims were a foreign diplomat, a former cabinet minister from a country neighbouring Russia and a journalist.

They also compromised Yahoo accounts of a Swiss banking firm, a Nevada gaming official, a senior official at a U.S. airline and a Shanghai-based managing director of a U.S. private-equity firm.

Mr. Belan is also accused of using the hacks to steal credit-card and gift-certificate information, and manipulating Yahoo's search-engine results so that users who looked for drugs that treat erectile dysfunction were redirected to an online pharmacy that paid him kickbacks.

The co-conspirators are alleged to have targeted high-profile people – a banker, an International Monetary Fund official, businesspeople – by going into their Yahoo account, then changing the recovery e-mail information to an account controlled by hackers.

This enabled them to change their victims' passwords and access their other e-mail accounts.

Karim Baratov, a 22-year-old Hamilton man charged in the indictment, is alleged to have been involved in hacking at least 80 of those secondary accounts.

Report an error Licensing Options
About the Author
National reporter

Tu Thanh Ha is based in Toronto and writes frequently about judicial, political and security issues. He spent 12 years as a correspondent for the Globe and Mail in Montreal, reporting on Quebec politics, organized crime, terror suspects, space flights and native issues. More

Comments are closed

We have closed comments on this story for legal reasons. For more information on our commenting policies and how our community-based moderation works, please read our Community Guidelines and our Terms and Conditions.