Yahoo announced Wednesday that hackers lifted info from more than 1 billion accounts—said to be the largest single data breach ever of an email provider—and more bad news emerged later that day about who some of the account owners were. Per Bloomberg, upward of 150,000 military and government workers had accounts infiltrated in the August 2013 hack, meaning everything from names, telephone numbers, and birthdates to passwords, alternate email accounts, and security questions are "now in the hands of cybercriminals" and a national-security risk. The workers had provided their official government accounts to Yahoo as a backup in case their email became inaccessible. Account owners include everyone from FBI agents, White House staff (past and present), and service members from every branch to NSA and CIA employees, among others.
This new info was discovered when cybersecurity researcher Andrew Komarov stumbled across a database of pilfered Yahoo user info being covertly sold online; he intercepted the database and alerted government officials (who, in turn, told Yahoo, which hasn't confirmed this report to Bloomberg). What this could mean for overseas spies is an easier time at their jobs, as they now may have an "alphabetized hit list of targets." It could also throw a wrench in Yahoo's sale to Verizon. "We will review the impact of this new development before reaching any final conclusions," a Verizon rep tells the New York Times. Komarov doesn't think the hack was done by a foreign state, but by pros with potential spammer customers. He tells Bloomberg that individual consumer privacy was "potentially ... destroyed ... several years ago without [consumer] knowledge." (Everything you need to know about the hack, via Time).