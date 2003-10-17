from the Yay!-Yahoo!-Oh...-wait. dept.
Yahoo has now reported every single account was affected by a data breach in 2013:
In 2016, Yahoo disclosed that more than one billion of about three billion accounts had likely been affected by the hack. In its disclosure Tuesday, the company said all accounts were likely victimized.
Yahoo included the finding in a recent update to its Account Security Update page, saying that it found out about the wider breach through new intelligence obtained during the company's integration into Verizon Communications. Outside forensic experts assisted in the discovery, the company said.
Reuters via Yahoo News reports on an announcement by Yahoo! that an attacker "may have stolen names, email addresses, telephone numbers, dates of birth and encrypted passwords" for 500 million accounts in 2014. According to the announcement, the FBI is looking into the matter and that "The investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network".
Yahoo Inc said on Thursday that at least 500 million of its accounts were hacked in 2014 by what it believed was a state-sponsored actor, a theft that appeared to be the world's biggest known cyber breach by far. Cyber thieves may have stolen names, email addresses, telephone numbers, dates of birth and encrypted passwords, the company said. But unprotected passwords, payment card data and bank account information did not appear to have been compromised, signalling that some of the most valuable user data was not taken. The attack on Yahoo was unprecedented in size, more than triple other large attacks on sites such as eBay Inc , and it comes to light at a difficult time for Yahoo. Chief Executive Officer Marissa Mayer is under pressure to shore up the flagging fortunes of the site founded in 1994, and the company in July agreed to a $4.83 billion cash sale of its internet business to Verizon Communications Inc . "This is the biggest data breach ever," said well-known cryptologist Bruce Schneier, adding that the impact on Yahoo and its users remained unclear because many questions remain, including the identity of the state-sponsored hackers behind it. On its website on Thursday, Yahoo encouraged users to change their passwords but did not require it.
Business Insider reports that a compromise of Yahoo! that had been acknowledged to affect "at least 500 million" accounts may have affected significantly more. Citing an unnamed "former Yahoo executive familiar with its security practices," the story says that the company's "main user database, or UDB" which stores the details for users of several of the company's services, was compromised. If the entire database were copied, information on one to three billion accounts could have been stolen.
Yahoo! has disclosed another major breach of its users' data:
Yahoo! Inc. disclosed a second major security breach that may have affected more than 1 billion users, giving an update on its probe into hacks on its system before the sale of its main web businesses to Verizon Communications Inc. The company said in a statement that it hasn't been able to identify the "intrusion" associated with this theft by a third party in August 2013.
"Yahoo believes this incident is likely distinct from the incident the company disclosed" in September, according to the statement. The shares dropped as much as 2.6 percent in extended trading after the announcement. At that time, Yahoo said the personal information of at least 500 million users was stolen in an attack on its accounts in 2014, exposing a wide swath of its users ahead of the Verizon deal. The attacker was a "state-sponsored actor," and stolen information may have included names, e-mail addresses, phone numbers, dates of birth, encrypted passwords and, in some cases, unencrypted security questions and answers, Yahoo has said.
In the 2013 hack disclosed Wednesday, Yahoo said compromised user account information may have included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
The attackers might have gotten access to less info than Uncle Sam did.
Four people, including two Russian FSB officers, have been indicted by the Justice Department over a 2014 breach at Yahoo!
The Justice Department has announced charges against four people, including two Russian security officials, over cybercrimes linked to a massive hack of millions of Yahoo user accounts.
Two of the defendants — Dmitry Dokuchaev and his superior Igor Sushchin — are officers of the Russian Federal Security Service, or FSB. According to court documents, they "protected, directed, facilitated and paid" two criminal hackers, Alexsey Belan and Karim Baratov, to access information that has intelligence value. Belan also allegedly used the information obtained for his personal financial gain.
"The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI's point of contact in Moscow on cybercrime matters, is beyond the pale," Acting Assistant Attorney General Mary McCord said.
Yahoo Inc, long-standing "other search engine", will be acquired by Verizon for $4.5 billion.
Yahoo CEO Marissa Meyer will be walking away with $23 million.
(Score: 0) by Anonymous Coward on Wednesday October 04, @02:58AM
wait a minute, is the summary claiming that Verizon was able to teach Yahoo something about security (or at least about lack of security)? Seems really unlikely...
(Score: 2) by frojack on Wednesday October 04, @03:25AM
I had an old Yahoo account. It was long disused, mostly for mailing lists and stuff previously.
I was notified that mine was probably compromised in the first go around. Or was it the second.
I changed the password and forget it about it. Then they came out with their version of two factor authentication so I tried that out.
In addition I've seen yahoo actually deny login when I use a new device. So maybe they make some progress.
I still don't understand how they make any money.
No, you are mistaken. I've always had this sig.
(Score: 2) by Snotnose on Wednesday October 04, @03:35AM (1 child)
Should I be worried? If memory serves I had 3 yahoo email accounts that I never accessed once I got the account I was after. Is this a problem? Is it worse considering I no longer know the login, nor the password for any of them? Although I'm pretty sure what the password is, but I have no clue what the login is/was.
(Score: 3, Funny) by takyon on Wednesday October 04, @04:00AM
Ask the hackers to help you regain access to your account.
[SIG] 04/14/2017: Soylent Upgrade v13 [soylentnews.org]
