Shortly after the alert sounded at 9:10 p.m., Yahoo Japan Corp.'s risk team knew it had a problem. More than 20 million usernames and passwords belonging to its customers were being dumped into a file, primed to be stolen.
"What the hell are you doing?" the team asked the Yahoo employee whose account was capturing the encrypted data. The download was blocked immediately, Motonobu Koh, a risk manager, recalled in a recent interview. Then the worker replied: "I'm not doing anything. I'm at home."
The April 2013 breach of Yahoo Japan, controlled by billionaire Masayoshi Son's SoftBank Corp., was an attempt to grab user identities linked to the nation's most visited website. The operation was similar in scale to the 2011 assault on U.S. defense contractor Lockheed Martin Corp., said Itsuro Nishimoto, chief technology officer at LAC Co., the nation's first cybersecurity response center.
With your current subscription plan you can comment on stories. However, before writing your first comment, please create a display name in the Profile section of your subscriber account page.