Yahoo hack hits 500 million users, but who are the suspects?

Fake mugshots
Image caption These are not real mugshots, obviously

Yahoo says "state-sponsored" hackers stole information from about 500 million users in 2014.

Names, email addresses, telephone numbers, dates of birth and encrypted passwords have been taken.

Yahoo advises users to change passwords if they haven't in the past two years.

But the tech giant has not yet said who exactly it thinks is responsible.

Newsbeat looks at the options with a cyber-security expert.

'All countries have a form of cyber capability'

"The term refers to government support of hacking activity," says Chris Hodson, from cyber security company Zscaler.

"There are the countries who actively fund organised groups.

"But there is also state-aware hacking where governments know it's going on but, potentially for their own benefit, there is a plausible deniability."

He explains that all nations now have a form of defensive or offensive cyber capability.

And that includes the UK.

No one is pointing the finger this time but there have been countries linked to previous hacks

In the past couple of weeks organised groups in Russia have been accused of the Wada hack which revealed medical data of a number of athletes.


"However the targets of some of these cases are key," says Hodson.

"If you look at motive, there was a lot of scandal around Russian doping before the Olympics and then around a month or two later there was a large data breach of the doping association."

North Korea was accused for The Interview hack

North Korea

"The film The Interview was 'mocking' their country, so when there was an enormous cyber attack on the film studio which produced it, you put two and two together and you get four, but it's also quite possible you get five."

In other words, everything seems to point in that direction, but you can't be certain.

There was also more linking North Korea to the attack, he explains: "I think there was a pattern within the malware that was used previously by certain campaigns associated with that country."

When loads of US fingerprint data was stolen, the world looked to China


Nearly four million US government workers had their fingerprint data stolen in 2015 and US officials said the hackers were believed to be based in China.

Susan Collins, a member of the Senate Intelligence Committee, thinks the motive was to "identify people with security clearances".

Chris Hodson says "there is obviously hacking activity from a state perspective that occurs in China".

'There could be some economic motivation and therefore links to a country'

"If this is state-sponsored I don't think they actually want the information - it is more about the impact of the data breach," says Chris.

"Look at the impact that could potentially have on the volatility of the stock market in another country. This is a company which is in the stage of being sold for billions."

But there is no obvious motive for any of these countries - so there is still a chance it's a lone wolf

Lone hacker

Hudson says that it is really hard to say definitively whether it is state sponsored or not and that saying "state sponsored" is the easy option.

"I think we can only go based on evidence, we can only go on history.

"If we go back to the Talk Talk hack, the initial news was that it was a huge targeted attack with financial motivation or associated with economic connotations - but it turned out to be a teenager in his bedroom."

So it could still be a lone hacker and he could be about to make a lot of money.

"The money is in building a persona now, not in stealing credit card data."

So we don't actually know who did it

Hudson thinks that "based on the evidence we have today" it is very hard to be sure the Yahoo hack was state sponsored.

"We infer attribution a lot of the time rather than having cast iron proof."

Find us on Instagram at BBCNewsbeat and follow us on Snapchat, search for bbc_newsbeat