Yahoo's sheer size, popularity, and reputation for not having security practices as sophisticated as its competitors may have made the internet company an ideal target for Russian spies, according to experts.
"At the very least, Yahoo is a good target for surveillance and intelligence purposes — tracking a person of interest, seeing whom they are communicating with, what about, and so on," Jeremiah Grossman, chief of security at SentinelOne told NBC News. Grossman worked on Yahoo's security team from 1999 to 2001.
The Justice Department announced charges Wednesday against two Russian spies and two hackers behind the 2014 theft of data connected to half a billion Yahoo accounts, which officials called one of the largest known data breaches in American history.
It's unclear from the Justice Department release what the suspects gleaned from accessing Yahoo accounts; however, officials noted that "some victim accounts were of predictable interest" to Russia's federal security service, which is known as the FSB.
That included "personal accounts belonging to Russian journalists; Russian and U.S. government officials; employees of a prominent Russian cybersecurity company; and numerous employees of other providers whose networks the conspirators sought to exploit."
Bill Anderson, CEO of computer security company OptioLabs, told NBC News that Yahoo's popularity — plus its trove of accounts that have sat dormant for years — put a huge bullseye on the company.
"You rob banks because that is where the money is. You go to Yahoo to get email accounts," said Anderson.
Email accounts are the gateway to plenty of areas in your personal life — from your banking accounts and social networks to finding out who your closest contacts are, Anderson said.
At best, it's a treasure chest worth a fortune to the intelligence community. At worst, it's at least worth a few cents. Hackers can then sell millions of accounts to spammers, at a few cents each, for a decent payoff, according to experts.
While Yahoo has made huge strides in beefing up its security in recent years, including the hire of Bob Lord as the chief information security officer, the company doesn't have the same reputation for being on the cutting edge of security as Google.
Many information security experts have respect for the new team, but not the Yahoo brand itself, Grossman said. That image makeover may take time.
"The current security team had little to do with the security oversights of years past and seems to be trying to do the right thing, despite residing in an impossible situation," he said.