[BreachExchange] Actually, every single Yahoo account got hacked in 2013
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Oct 3 20:12:12 EDT 2017
https://www.washingtonpost.com/news/the-switch/wp/2017/
10/03/yahoos-2013-data-breach-affected-all-3-billion-accounts-tripling-its-
previous-estimate/
All of Yahoo's 3 billion user accounts in 2013 were affected by its massive
data breach — not the 1 billion accounts that were initially reported, the
company said Tuesday.
The revised number vastly expands the scope of the historic hack, which had
previously broken records as the world's largest data breach. The updated
figure comes as the public is still reeling from back-to-back reports of
data breaches at Equifax and the fast-food chain Sonic.
News of the 2013 Yahoo breach broke last summer as it was being acquired by
Verizon. The disclosure, coming just weeks after Yahoo admitted to a 2014
data breach affecting half a billion accounts, raised major questions about
whether Verizon should go through with the deal. The uncertainty delayed
closing by several months. But now, Yahoo is pointing to "new intelligence"
that persuaded it that the scope of the 2013 breach was far more
significant than previously thought.
“All Yahoo user accounts were affected by the August 2013 theft,” Yahoo
said in a statement. “While this is not a new security issue, Yahoo is
sending email notifications to the additional affected user accounts.”
Yahoo added that no credit card information or unencrypted passwords
associated with the additional affected accounts appear to have been
stolen. The revised number of accounts includes those that may not have
been “active” users at the time, meaning account holders who do not
regularly log in, according to a person familiar with the matter, who spoke
on the condition of anonymity to discuss the investigation.
Yahoo's latest admission comes at an uncomfortable time for technology
firms as Washington grapples with the industry's enormous role in
consumers' lives. That concern has extended to the political realm, with
Facebook on Monday handing over to Congress thousands of online
advertisements that are said to be linked to a Russian effort to influence
the 2016 presidential election. Some conservatives, meanwhile, have called
for companies such as Facebook and Google to be regulated like public
utilities, in an effort to prevent right-wing speech from being
marginalized.
Now Yahoo could find itself in the spotlight once again as policymakers
debate how to handle a data-driven industry that faces such difficulty
retaining control of its most valuable — and sensitive — assets.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171003/b6b77315/attachment.html>
More information about the BreachExchange
mailing list