[BreachExchange] Yahoo discloses 1 billion accounts breached
Richard Forno
rforno at infowarrior.org
Wed Dec 14 17:55:39 EST 2016
Yahoo discloses 1B account breach
Elizabeth Weise , USATODAY 5:46 p.m. EST December 14, 2016
http://www.usatoday.com/story/tech/news/2016/12/14/yahoo-discloses-likely-new-1-billion-account-breach/95443510/
SAN FRANCISCO — Yahoo on Wednesday disclosed a breach that took place in August of 2013 which may have resulted in data associated with more than one billion user accounts being stolen.
This new, 1-billion-account breach is separate from a 500-million-account breach the company disclosed in September.
At the time, the 500-million-account breach was the largest on record.
Yahoo said in September that it believed the 500-million-account breach was linked to a state-sponsored actor. In Wednesday's statement the company said is has connected some of the activity associated with the 1-billion-account breach to the same same state-sponsored actor.
Yahoo did not say what country it believed the state-sponsored actor was working for.
Verizon is in the process of acquiring Yahoo. In a statement, it said "As we’ve said all along, we will evaluate the situation as Yahoo continues its investigation. We will review the impact of this new development before reaching any final conclusions.”
November disclosure
Yahoo disclosed in November that a law enforcement officials had given it data files showing what appeared to be evidence that an unknown third party had access to Yahoo user data.
Yahoo brought in outside forensic experts and confirmed that the data was in fact from Yahoo users.
As part of that analysis, Yahoo now says it believes the attacker “stole data associated with more than one billion user accounts,” the company said in a release.
Yahoo does not know who was behind the theft.
The stolen account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers, the company said.
Yahoo is working to notify affected users, and is working closely with law enforcement to investigate the breach.
--
It's better to burn out than fade away.
More information about the BreachExchange
mailing list