“A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor”, Yahoo CISO Bob Lord said in a Tumblr post.
Advertisement
It said the hack may have been “state-sponsored” but “the investigation has found no evidence that the state-sponsored actor is now in Yahoo’s network”.
Network security company NSFocus said that the Yahoo breach had been originally reported in 2012, but that the numbers of users affected had been significantly underestimated.
In July, Yahoo sold its core operating business for US$4.8 billion to U.S. broadband communications giant Verizon.
Yahoo says the breach is believed to have occurred in late 2014 and believes an individual acting on behalf of a government is to blame.
Yahoo after being sold to Verizon now reports a huge breach into its system.
The internet pioneer, which is in the process of selling itself to Verizon, said it’s “working closely” with law enforcement.
“It comes down to whether or not there is a meaningful change in use of the platform above and beyond what was happening before”, says Brian Wieser, an analyst who covers Yahoo at Pivotal Research Group. Lord also said that password information – though not passwords in plain text – may have been stolen, as well as some answers to security questions.
Users who might be affected by the Yahoo attack will be notified, asked to change their passwords and to use other ways of verifying their account. This includes all private information of Yahoo users, including their names, email, telephone numbers, addresses, and passwords.
“More Yahoo breach indicators (this could happen any time, but a lot of signals lining up at once right now)”, Hunt said on Twitter earlier this morning. However, Yahoo investigated the sale and found no evidence that it was legitimate, the source said. The security breakdown risks magnifying Yahoo’s preexisting problems specifically, that it is losing users, traffic and the advertising revenue that follows both, to rivals such as Google and Facebook. Verizon would also gain Yahoo’s 225 million email service users as well as its advertising technology assets such as Brightroll, Flurry and Gemini.
Advertisement
“Hacks are nearly relatively common”, Peck says.
