Companies
15/12/2016

In Newly Discovered Security Breach, Yahoo says One Billion Accounts Exposed




Claiming that data from more than 1 billion user accounts was compromised in August 2013, making it the largest breach in history, Yahoo Inc warned on Wednesday that it had uncovered yet another massive cyber attack.
 
The company had noted nearly half of the number of accounts hacked this time to a similar incident that the internet company disclosed in September. Hackers working on behalf of a government were blamed by the company at that time. Verizon Communication Inc was prompted to say in October that it might withdraw from an agreement to buy Yahoo's core internet business for $4.83 billion by the news of that attack, which affected at least 500 million accounts.
 
Following the latest disclosure, "We will review the impact of this new development before reaching any final conclusions," Verizon said following the latest disclosure.
 
Yahoo is confident the incident will not affect the pending acquisition and it has been in communication with Verizon during its investigation into the breach, a Yahoo spokesman had told the media.
 
Announcing a stronger measure than it took after the previous breach was discovered, when it only recommended a password reset, this time Yahoo required all of its customers to reset their passwords.
 
To learn how to forge "cookies" that would allow hackers to access an account without a password, Yahoo believes that hackers responsible for the previous breach had also accessed the company’s proprietary code, the company also said on Wednesday.
 
"Yahoo badly screwed up," said Bruce Schneier, a cryptologist and one of the world's most respected security experts. "They weren't taking security seriously and that's now very clear. I would have trouble trusting Yahoo going forward."
 
Saying that stolen information "may have included" names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers and  that the incident was "likely" distinct from the one it reported in September, Yahoo was tentative in its description of new problems.
 
It said that it noted that payment-card data and bank account information were not stored in the system the company believes was affected and it had not yet identified the intrusion that led to the massive data theft.
 
While reviewing data provided to the company by law enforcement, it discovered the breach, Yahoo said. The Yahoo spokesman said that FireEye Inc’s Mandiant unit and Aon Plc's Stroz Friedberg are assisting in the investigation.
 
Despite being an internet pioneer, Yahoo has fallen on hard times in recent years after being eclipsed by younger, fast-growing rivals including Alphabet Inc's Google and Facebook Inc and the breach is the latest setback for the company.
 
Yahoo executives with Google, Facebook and other large U.S. technology companies met with President-elect Donald Trump in New York hours before it announced the breach on Wednesday. According to people familiar with the meeting, Yahoo was not invited to the summit reflecting its diminished stature.
 
Chief Executive Marissa Mayer was at the company's Sunnyvale, California headquarters to assist in addressing the new breach, the Yahoo spokesman said.
 
Yahoo shares were down 2.4 percent to $39.91 in extended trading. Verizon shares were little changed from their close at $51.63.
 
(Source:www.reuters.com) 

Christopher J. Mitchell
In the same section