Yahoo! has disclosed another major breach of its users' data:
Yahoo! Inc. disclosed a second major security breach that may have affected more than 1 billion users, giving an update on its probe into hacks on its system before the sale of its main web businesses to Verizon Communications Inc. The company said in a statement that it hasn't been able to identify the "intrusion" associated with this theft by a third party in August 2013.
"Yahoo believes this incident is likely distinct from the incident the company disclosed" in September, according to the statement. The shares dropped as much as 2.6 percent in extended trading after the announcement. At that time, Yahoo said the personal information of at least 500 million users was stolen in an attack on its accounts in 2014, exposing a wide swath of its users ahead of the Verizon deal. The attacker was a "state-sponsored actor," and stolen information may have included names, e-mail addresses, phone numbers, dates of birth, encrypted passwords and, in some cases, unencrypted security questions and answers, Yahoo has said.
In the 2013 hack disclosed Wednesday, Yahoo said compromised user account information may have included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
The attackers might have gotten access to less info than Uncle Sam did.
Also at TechCrunch, WSJ, and Yahoo!'s Tumblr.
(Score: 2) by Scruffy Beard 2 on Thursday December 15 2016, @01:53PM
I find "state-sponsored actor" hard to believe because they were giving at least one state access on purpose.
So two of Russia, France, and China are supposed to have independently broken in?
Definitely possible, but it should not be your first conclusion.
(Score: 2) by Scruffy Beard 2 on Thursday December 15 2016, @01:56PM
On their tumbler post they say:
" We have connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016."
That is slightly more plausible.