It said the breach occurred in 2014.
Advertisement
“With state-sponsored attacks, it’s not just financial information that’s of value”, said Lance Hoffman, co-director of the Cyberspace Security and Privacy Institute at George Washington University. Experts believe that was one motive behind a 2010 hacking of Google Gmail accounts used by Chinese human rights activists.
Yahoo said they were notifying any potentially affected users and asking any users who have not changed their passwords in the last two years to do so. Security analysts have termed this as the biggest hacking in history involving a single company.
It’s possible that Yahoo’s investigation which found an apparent state-sponsored actor in its networks happened after September 9, and Yahoo has not said exactly when it found out about the breach.
Yahoo declined to comment on “ongoing litigation”.
All of this comes at a time when there is growing suspicion that hackers sponsored by the Russian government are attempting to interfere with the United States presidential election.
An apparent breach was first disclosed to Yahoo by Motherboard reporter Joseph Cox on July 30, who wrote of the dataset being sold on a dark web marketplace on August 1.
Some security experts believe the OPM attack was carried out by the same hackers who also stole data files from large US insurance and health-care companies in 2014 and 2015.
They added: “Review your accounts for suspicious activity”.
“There are lots of people, millions of people, who don’t understand they have a Yahoo account”, said Per Thorsheim, a global cybersecurity expert based in Norway.
“We have had a number of people approach us who had things accessed such as their tax accounts or credit cards, and they couldn’t figure out how people were getting into those”, Casey told CNNMoney.
The person familiar with the matter said several other technology companies suffered similar targeted attacks in late 2014. In such cases, intelligence officials might share useful commercial secrets with their home-grown industries, said Jeremiah Grossman, an official at SentinelOne, a Silicon Valley computer security firm.
Ronald Schwartz, a NY resident, sued on behalf of all Yahoo users in the United States whose personal information was compromised. But Thorsheim said one of his big concerns is that many people don’t realize they have other accounts that put their information – including names, email addresses, telephone numbers and birthdays – in jeopardy.
Advertisement
Michelle says Spark is now in the process of preparing to move all of its email system back home to New Zealand, with a number of customers already receiving requests to register on the company’s website.
