Yahoo! has disclosed another major breach of its users' data:
Yahoo! Inc. disclosed a second major security breach that may have affected more than 1 billion users, giving an update on its probe into hacks on its system before the sale of its main web businesses to Verizon Communications Inc. The company said in a statement that it hasn't been able to identify the "intrusion" associated with this theft by a third party in August 2013.
"Yahoo believes this incident is likely distinct from the incident the company disclosed" in September, according to the statement. The shares dropped as much as 2.6 percent in extended trading after the announcement. At that time, Yahoo said the personal information of at least 500 million users was stolen in an attack on its accounts in 2014, exposing a wide swath of its users ahead of the Verizon deal. The attacker was a "state-sponsored actor," and stolen information may have included names, e-mail addresses, phone numbers, dates of birth, encrypted passwords and, in some cases, unencrypted security questions and answers, Yahoo has said.
In the 2013 hack disclosed Wednesday, Yahoo said compromised user account information may have included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
The attackers might have gotten access to less info than Uncle Sam did.
Also at TechCrunch, WSJ, and Yahoo!'s Tumblr.
(Score: 0) by Anonymous Coward on Thursday December 15 2016, @04:59PM
> Surely a company cannot be expected to defend against state-sponsored hacking?
Where did you get that from? I don't see even a hint of them trying to absolve themselves of blame based on that claim.
What I do see is a warning that if any country's government considers you interesting, then you should be extra concerned by this hack because your information may have been singled out for special attention by the hackers.
(Score: 2) by bob_super on Thursday December 15 2016, @06:25PM
> I don't see even a hint of them trying to absolve themselves of blame based on that claim.
It's implied. As others pointed out, it's the "we didn't fall for no script kiddies, honest, guv', but what could we possibly do against the power of Rogue states" defense.
I'm gonna get myself a Soylentnews email on of these days (any alias that would be easier to give to people?), not because SN systems are bulletproof, but because they're lower profile than all those corps who either mine your data themselves, or can't protect it anyway.
(Score: 0) by Anonymous Coward on Thursday December 15 2016, @07:57PM
> It's implied.
No. Its being read into the words. It isn't like this is the first publicly suspected state-sponsored hack.
Just because a lot of people are knee-jerking to it this time doesn't make that knee-jerking valid.
http://www.nydailynews.com/news/national/twitter-warning-targeted-users-state-sponsored-hackers-article-1.2465413 [nydailynews.com]
http://arstechnica.com/security/2012/06/google-state-sponsored-attack-warnings/ [arstechnica.com]
http://america.aljazeera.com/articles/2015/10/21/facebook-warns-users-of-state-sponsored-hacking.html [aljazeera.com]
http://www.businessinsider.com/microsoft-alert-email-users-of-government-hacks-2015-12 [businessinsider.com]
http://www.biztekmojo.com/001837/microsoft-did-not-inform-hotmail-hack-victims-regarding-china-sponsored-attack-years-ago [biztekmojo.com]