Skip to content

Madit

For all of those MAD about IT

Yahoo discloses hack of 1 billion accounts

Posted on 15th December 2016 by TheLordMayor1983

The company disclosed today that it has discovered a breach of more than one billion user accounts that occurred in August 2013. The breach is believed to be separate and distinct from the theft of data from 500 million accounts that Yahoo reported this September.

Troublingly, Yahoo’s chief information security officer Bob Lord says that the company hasn’t been able to determine how the data from the one billion accounts was stolen. “We have not been able to identify the intrusion associated with this theft,” Lord wrote in a post announcing the hack.

“The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers,” Lord added.

Yahoo was alerted to the massive breach by law enforcement and has examined the data with the help of outside forensic experts. The data does not appear to include payment details or plaintext passwords, but it’s still bad news for Yahoo account holders. The hashing algorithm MD5 is no longer considered secure and MD5 hashes can easily be looked up online to discover the passwords they hide.

Yahoo says it is notifying the account holders affected in the breach. Affected users will be required to change their passwords.

Yahoo also announced today that its proprietary code had been accessed by a hacker, who used the code to forge cookies that could be used to access accounts without a password. “The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies,” Lord said, adding that he believed the attack was launched by a state-sponsored actor.

Today’s revelations add to Yahoo’s long string of security problems. Yahoo employees reportedly knew of the intrusion that led to the theft of data from 500 million users as early as 2014, but the company did not announce the breach until this September. What Yahoo executives knew about the breach, and when they knew it, have been crucial questions in Verizon’s ongoing acquisition of Yahoo. Yahoo did not disclose the first breach until several months after the deal was announced.

By Kate Conger

Source https://techcrunch.com/2016/12/14/yahoo-discloses-hack-of-1-billion-accounts/

Posted in Threats and Attacks

Post navigation

London teenager arrested over huge cyberattack
Ukraine Power Company Confirms Hackers Caused Outage

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Satan ransomware-as-a-service gives malware customising tools to hackers on Dark Web
  • Windows 10 Blocks Zero-Days Before Patches Arrive: Microsoft
  • Carbanak Group Used Numerous Tools in Recent Attacks

Categories

  • Legal Issues, Crimes and Punishment (14)
  • Patches and Workarounds (8)
  • Threats and Attacks (95)
  • Tools, Paper and Reports (17)
  • Vulnerabilities and Exposures (56)

Archives

  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
Proudly powered by WordPress | Theme: micro, developed by DevriX.