Hack began with a spear-phishing email sent in early 2014 to a Yahoo company employee. It’s unclear how many employees were targeted and how many emails were sent, but it only takes one person to click on a link, and it happened. The U.S. Federal Bureau of Investigation investigated the 2014 intrusion for two years, but only in late 2016 that the full scale of the hack became apparent. In March 2017, the FBI indicted four people for the attack, two of whom are Russian spies.”]
Source: https://www.csoonline.com/article/3180762/inside-the-russian-hack-of-yahoo-how-they-did-it.html