Emerging Threats

Hacker sentenced to 5 years for 2014 Yahoo breach

Written by a NortonLifeLock employee


Prosecutors describe Karim Baratov as an "international hacker for hire." A U.S. judge has now sentenced the 23-year-old Canadian to five years in prison for his role in the 2014 Yahoo data breach.

Yahoo breach affected 500 million Yahoo accounts

Baratov pleaded guilty in November 2017 to nine felony hacking charges, which included helping Russian government spies gain access to Yahoo email accounts. In his plea, he admitted to hacking thousands of webmail accounts over seven years, sending those accounts' passwords to a Russian spy in exchange for money.

The attacks allowed Baratov, co-defendant Alexsey Belan, and two Russian Federal Security Service agents to gain direct access to Yahoo's internal networks. And that access enabled them to target specific accounts of interest to the Russian spies. Those accounts belonged to journalists, business leaders, and others.

The Yahoo breach compromised some 500 million Yahoo user accounts. According to Yahoo, the exposed account information may have included names, email addresses, birth dates and, in some cases, security questions or answers. Encrypted passwords — jumbled so only a person with the correct passcode can read them — were also taken. Yahoo says it did not store credit card of other payment information in the affected system.

Baratov started hacking as a teen. He reportedly ran a no-questions-asked service, charging customers about $100 to obtain another person's webmail password through a fake password-reset page.

Yahoo hacker earned more than $1 million

Baratov reportedly collected more than $1.1 million in fees, using the money to buy a house and expensive cars. He said he didn't know he was working with the Russian spy agency.

In addition to the prison sentence, Baratov was also fined $250,000.

Baratov's arrest is the only one in this investigation. Co-defendant Belan and the two Russian spies reside in Russia and are unlikely to be extradited to the U.S. to face the charges against them.

Baratov's approach of using a fake password-reset page to trick folks into handing over their login credentials is a good reminder to avoid clicking on links without consideration. A safer practice would be to type in the desired URL to visit a website to reset your password — whether it's for an email, social media, or bank account.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2022 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.