Following the investigation, a broader probe was launched to review Yahoo’s systems, uncovering evidence that the company had been hacked in late 2014. That could happen if users shun Yahoo or file lawsuits because they’re incensed by the theft of their personal information. Yahoo is also recommending that users who haven’t changed their passwords since 2014 do so. “We take these types of breaches very seriously and will determine how this occurred and who is responsible”, the Federal Bureau of Investigation said. “This is an important detail in the story”.
Advertisement
Yahoo faced pressure Friday (Sep 23) to explain how it sustained a massive cyber-attack – one of the biggest ever, and allegedly state-sponsored – allowing hackers to steal data from half a billion users two years ago. Peace of Mind was all about selling stolen Yahoo account data, so it’s unlikely he was state-sponsored.
Yahoo has started sending emails to those affected by the security breach.
“When you start combining all these different data dumps, you get some valuable information on internet users”, said Jeremiah Grossman, chief of security strategy, at SentinelOne.
Equally unclear is the extent to which passwords were protected.
IT Pro asked Yahoo for confirmation of the attack, but has yet to hear back.
2FA sends a code to a smartphone or cell phone every time you attempt to log into your account and unless said code is entered, along with the password, entry will be denied. However, users have started to see messages to change their passwords.
“It’s nearly certain that the attackers have used Yahoo’s own encryption against it”. While it may be irritating to have to change a stolen password, it is somewhat worse to have to change a stolen mother’s maiden name. Many experts believe it is likely to be Russian or Chinese hackers, who carried out the breach. “Mergers are complicated endeavors, and the scrutiny under which both companies will reside during the course of the transaction only increases the stress to keep what should be sensitive information protected”.
Yahoo is notifying potentially affected users and has taken steps to secure their accounts.
“The question of whether this breach will affect the sale price depends on how extensively it performed due diligence on Yahoo’s security controls”.
Later, it was revealed that Yahoo had notified the Irish authorities about the breach on Thursday.
The latest hack is the latest in a regular succession of incidents with large organisations in which account information has been stolen and compromised.
“Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen, and the investigation has found no evidence that the state-sponsored actor is now in Yahoo’s network”.
Advertisement
There are very few people that can honestly say they have a totally unique, impossible to crack password that isn’t a word listed in the dictionary for every web service they use.
