The FBI believes that the massive Yahoo! breach started with either a social engineering or spear phishing attack on privileged users according to Ars Technica.
“Malcom Palmore, the FBI special agent in charge of the bureau’s Silicon Valley office, told Ars in an interview that the initial breach that led to the exposure of a half a billion Yahoo accounts likely started with the targeting of a ‘semi-privileged’ Yahoo employee and not top executives.