Yahoo announced that hackers compromised one billion of the company’s user accounts

https://www.wired.com/2016/12/yahoo-hack-billion-users/

In September, Yahoo had the unfortunate distinction of disclosing an enormous 500 million-account breach. Tough stuff. Somehow, though, the company seems to have topped even that staggering figure. Yahoo announced on Wednesday that hackers, in what’s likely a separate attack, compromised one billion of the company’s user accounts in August 2013. One billion. That makes this the biggest known hack of user data ever, and it’s not really close.

The most important thing we know so far is that Yahoo says “this incident is likely distinct from the incident we disclosed on September 22, 2016.” That other breach happened in late 2014, so this new (even bigger) one took place about a year earlier. Yahoo has been working with law enforcement and a third-party cybersecurity firm to verify the hack and trace its origin, but the company says that so far it doesn’t know who the perpetrator was.

Yahoo says that the breached data includes names, email addresses, phone numbers, birthdays, hashed passwords, and a mix of encrypted and unencrypted security questions and answers. If you’re looking for a silver lining, Yahoo says the breach does not include unencrypted passwords, credit card numbers, or bank account information. Specifically, the company says that financial data is stored in a separate system that it doesn’t believe was compromised.

Another component of the company’s disclosure is a separate attack that took place in 2015 and 2016 in which hackers used forged cookies (small files that track web users) to bypass security protections and access users’ accounts without a password. Yahoo says that it believes this situation is connected at least in part to the allegedly state-sponsored hackers that committed the 2014 breach it disclosed in September.

There may be overlap (even significant overlap!) between the accounts that were compromised in this hack and the ones that were disclosed in the previous breach in September, but even in the best case scenario a billion Yahoo accounts are involved. At an unlikely worst-case scenario, it’s 1.5 billion. For some context, in fall of 2013 Yahoo announced that it had 800 million monthly active users total, though it’s not clear how many inactive users it had. Either way, if you had a Yahoo in 2013 or 2014, this is cause to reset passwords and security questions on any account that used the same info immediately.

———-

“That makes this the biggest known hack of user data ever, and it’s not really close.”

1 billion.. that’s extremely large and they thought it best not to tell the slaves for 3 years..

“Yahoo says that the breached data includes names, email addresses, phone numbers, birthdays, hashed passwords, and a mix of encrypted and unencrypted security questions and answers. If you’re looking for a silver lining, Yahoo says the breach does not include unencrypted passwords, credit card numbers, or bank account information.”

phew eh?

401

~ by seeker401 on December 19, 2016.

4 Responses to “Yahoo announced that hackers compromised one billion of the company’s user accounts”

  1. It took three years for Yahoo to tell us about its latest breach. Why does it take so long?

    https://www.washingtonpost.com/news/the-switch/wp/2016/12/16/it-took-three-years-for-yahoo-to-tell-us-about-its-latest-breach-why-does-it-take-so-long/?utm_term=.9dd11bcb9066

    In Yahoo’s case, the reason for the delay may be a fairly simple one. The company may not have known about the breach. Yahoo has not revealed how it learned about the 2013 attack, but reading between the lines of its announcement, it seems as though its security team was alerted by outside investigators rather than an internal team.

    “[Law] enforcement provided us with data files that a third party claimed was Yahoo user data,” wrote Yahoo’s chief information security officer Bob Lord in a blog post. “We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data.”

  2. US charges Russian spies over Yahoo breach

    http://www.bbc.com/news/technology-39281063

    • That charge sets a foundation, if repeated, sets a precedence, which will explode the Russian meme further than it already is now. The article also mentions that the U.S. is waiting for the Russians to acknowledge the matter.
