Shortly after the alert sounded at 9:10 p.m., Yahoo Japan Corp.'s risk team knew it had a problem. More than 20 million usernames and passwords belonging to its customers were being dumped into a file, primed to be stolen.
"What the hell are you doing?" the team asked the Yahoo employee whose account was capturing the encrypted data. The download was blocked immediately, Motonobu Koh, a risk manager, recalled in a recent interview. Then the worker replied: "I'm not doing anything. I'm at home."
The April 2013 breach of Yahoo Japan, controlled by billionaire Masayoshi Son's SoftBank Corp., was an attempt to grab user identities linked to the nation's most visited website. The operation was similar in scale to the 2011 assault on U.S. defense contractor Lockheed Martin Corp., said Itsuro Nishimoto, chief technology officer at LAC Co., the nation's first cybersecurity response center.