Unsafe Yahoo | Over 1 billion accounts hacked

Unsafe Yahoo Billion accounts hacked

Yahoo has disclosed that in yet another massive cyber-attack, data from more than 1 billion user accounts was compromised in August 2013, making it the largest breach in history.

The number of affected accounts was double the number implicated in a 2014 breach that the internet company disclosed in September and blamed on hackers working on behalf of a government. News of that attack, which affected at least 500 million accounts, prompted Verizon Communication Inc to say in October that it might withdraw from an agreement to buy Yahoo’s core internet business for $4.83 billion.

Following the latest disclosure, Verizon said, “we will review the impact of this new development before reaching any final conclusions.”

A Yahoo spokesman told Reuters that the company has been in communication with Verizon during its investigation into the breach and that it is confident the incident will not affect the pending acquisition.

Yahoo required all of its customers to reset their passwords – a stronger measure than it took after the previous breach was discovered, when it only recommended a password reset.

Yahoo also said Wednesday that it believes hackers responsible for the previous breach had also accessed the company’s proprietary code to learn how to forge “cookies” that would allow hackers to access an account without a password.

“Yahoo badly screwed up,” said Bruce Schneier, a cryptologist and one of the world’s most respected security experts. “They weren’t taking security seriously and that’s now very clear. I would have trouble trusting Yahoo going forward.”

Yahoo was tentative in its description of new problems, saying the incident was “likely” distinct from the one it reported in September and that stolen information “may have included” names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.

It said it had not yet identified the intrusion that led to the massive data theft and noted that payment-card data and bank account information were not stored in the system the company believes was affected.

“Yahoo badly screwed up,” said Bruce Schneier, a cryptologist and one of the world’s most respected security experts. “They weren’t taking security seriously and that’s now very clear. I would have trouble trusting Yahoo going forward.”

Yahoo was tentative in its description of new problems, saying the incident was “likely” distinct from the one it reported in September and that stolen information “may have included” names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.