Yahoo says one billion accounts exposed in newly discovered security breach
[December 15, 2016]
By Jim Finkle and Anya George Tharakan
(Reuters) - Yahoo Inc warned on Wednesday that it had uncovered yet another massive cyber
attack, saying data from more than 1 billion user accounts was
compromised in August 2013, making it the largest breach in history.
The number of affected accounts was double the number implicated in a
2014 breach that the internet company disclosed in September and blamed
on hackers working on behalf of a government. News of that attack, which
affected at least 500 million accounts, prompted Verizon Communications
Inc to say in October that it might withdraw from an agreement to buy
Yahoo's core internet business for $4.83 billion.
Following the latest disclosure, Verizon said, "we will review the
impact of this new development before reaching any final conclusions."
A Yahoo spokesman told Reuters that the company has been in
communication with Verizon during its investigation into the breach and
that it is confident the incident will not affect the pending
acquisition.
Yahoo required all of its customers to reset their passwords - a
stronger measure than it took after the previous breach was discovered,
when it only recommended a password reset.
Yahoo also said Wednesday that it believes hackers responsible for the
previous breach had also accessed the company’s proprietary code to
learn how to forge "cookies" that would allow hackers to access an
account without a password.
"Yahoo badly screwed up," said Bruce Schneier, a cryptologist and one of
the world's most respected security experts. "They weren't taking
security seriously and that's now very clear. I would have trouble
trusting Yahoo going forward."
Yahoo was tentative in its description of new problems, saying the
incident was "likely" distinct from the one it reported in September and
that stolen information "may have included" names, e-mail addresses,
telephone numbers, dates of birth, hashed passwords and, in some cases,
encrypted or unencrypted security questions and answers.
It said it had not yet identified the intrusion that led to the massive
data theft and noted that payment-card data and bank account information
were not stored in the system the company believes was affected.
A sign advertising internet company Yahoo is pictured in downtown
San Francisco, California February 4, 2016. REUTERS/Mike Blake/File
Photo
Yahoo said it discovered the breach while reviewing data provided to the company by
law enforcement. FireEye Inc’s Mandiant unit and Aon Plc's Stroz Friedberg are
assisting in the investigation, the Yahoo spokesman told Reuters.
The breach is the latest setback for Yahoo, an internet pioneer that has fallen on
hard times in recent years after being eclipsed by younger, fast-growing rivals
including Alphabet Inc's Google and Facebook Inc.
Hours before it announced the breach on Wednesday, executives with Google,
Facebook and other large U.S. technology companies met with President-elect
Donald Trump in New York. Reflecting its diminished stature, Yahoo was not
invited to the summit, according to people familiar with the meeting.
The Yahoo spokesman said Chief Executive Marissa Mayer was at the company's
Sunnyvale, California headquarters to assist in addressing the new breach.
Yahoo shares were down 2.4 percent to $39.91 in extended trading. Verizon shares
were little changed from their close at $51.63.
(Reporting by Jim Finkle in Boston and Anya George Tharakan in Bengaluru;
Additional reporting by Dustin Volz in Washington and Jessica Toonkel in New
York; Editing by Savio D'Souza, Bernard Orr)
[© 2016 Thomson Reuters. All rights reserved.]