In 2014, the Russian hacker Alexsey Alexseyevich Belan, who was already on the FBI Cyber's Most Wanted list, gained unauthorized access to Yahoo's network.
He stole a copy of Yahoo's user database, which has 500 million subscriber records containing information such as names, recovery e-mail accounts and phone numbers.
He also gained access to Yahoo's account-management tool, which allowed him and his co-conspirators to locate Yahoo e-mail accounts of interest and create bogus cookies to access at least 6,500 accounts.
The hackers then looked for users who had provided a recovery e-mail account, because many of those alternate e-mail addresses were corporate accounts. The hackers were thus able to identify people to target. Among the victims were a foreign diplomat, a former cabinet minister from a country neighbouring Russia and a journalist.
They also compromised Yahoo accounts of a Swiss banking firm, a Nevada gaming official, a senior official at a U.S. airline and a Shanghai-based managing director of a U.S. private-equity firm.
Mr. Belan is also accused of using the hacks to steal credit-card and gift-certificate information, and manipulating Yahoo's search-engine results so that users who looked for drugs that treat erectile dysfunction were redirected to an online pharmacy that paid him kickbacks.
The co-conspirators are alleged to have targeted high-profile people – a banker, an International Monetary Fund official, businesspeople – by going into their Yahoo account, then changing the recovery e-mail information to an account controlled by hackers.
This enabled them to change their victims' passwords and access their other e-mail accounts.
Karim Baratov, a 22-year-old Hamilton man charged in the indictment, is alleged to have been involved in hacking at least 80 of those secondary accounts.