Verizon learned about Yahoo data breach 2 days ago

However, the Yahoo data breach stands out due to its size and the slow response to such a massive security failure.

Hackers have stolen information from approximately 500 million Yahoo user accounts, in what now stands as the largest publicly disclosed cyber breach in history.

Yahoo last night confirmed earlier reports that information pertaining to the unprecedented number of “at least” half a billion user accounts was stolen in a 2014 breach.

The company said its investigation suggests the information did not include unprotected passwords, payment card data and bank account information.

Yahoo said it is now working with law enforcement as it seeks to respond to the attack.

University of Notre Dame associate teaching professor and data security specialist Timothy Carone told AFP that the Yahoo hack fit the “big picture” when it comes to cyberattacks launched by spy agencies in Russia, China, North Korea or other countries.

It reads: “Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account”.

At the time of the break-in, Yahoo’s security team was led by Alex Stamos, a respected industry executive who left last year to take a similar job at Facebook.

Other organisations have commented on the effect the breach could have on Yahoo’s impending takeover by US telecoms company Verizon.

“We have personnel and technological exchanges” with Yahoo in the USA, but the services provided in Japan and the U.S. “We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact”.

A spokesperson for Yahoo said: “The investigation has found no evidence that the state-sponsored actor is now in Yahoo’s network”. In some cases, the information also included security questions and answers.

The hacker, named peace_of_mind, was found selling the alleged Yahoo login credentials to over 200 million accounts on a black market website that offers illegal goods.

They should also have contingency plans to implement in the event of a cyberattack, which should include a communications strategy and an action plan to protect customers and/or employees, such as a means of triggering a password reset. The data breach may even have compromised the passwords of these other accounts as well.

Democratic Senator Mark Warner said in a statement he was “most troubled by news that this breach occurred in 2014, and yet the public is only learning details of it today”.

Yahoo said it believed the attack was state-sponsored.
