Yahoo today released a statement indicating that a data breach that occurred in late 2014 may be the largest breach yet disclosed, affecting at least 500 million user accounts. Moreover, Yahoo says it believes the 2014 breach was “state-sponsored”.
Says Yahoo, in a statement released today, “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.”
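The detail that most of the leaked passwords were hashed “with bcrypt” matters more than it may look. The following is an added illustration for this article, not code from Yahoo or from the original post, and it uses PBKDF2-HMAC-SHA256 from Python’s standard library as a stand-in for bcrypt (which has no stdlib implementation) because the two share the properties that protect a stolen database: a random salt per record and a tunable work factor. The accounts and the attacker’s word list below are constructed for the demo. It contrasts a legacy unsalted SHA-1 table, where one hash per guess covers every user and reused passwords are visible without cracking at all, against a salted, slow scheme where every (user, guess) pair costs a full key-derivation run.

```python
"""Why 'hashed with bcrypt' changes what a leaked credential dump is worth.

Added example, not Yahoo's code. PBKDF2-HMAC-SHA256 stands in for bcrypt:
both use a per-record salt and a tunable work factor.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample accounts and attacker word list (not real data).
SAMPLE_PASSWORDS = {
    "alice@example.com": "sunshine",
    "bob@example.com": "letmein",
    "carol@example.com": "sunshine",           # same password as alice
    "dave@example.com": "Tr0ub4dor&3-long",    # not in the word list
}
WORDLIST = ["123456", "password", "sunshine", "letmein", "qwerty"]

# PBKDF2 work factor; bcrypt expresses the same idea as a log2 "cost".
SLOW_ITERATIONS = 50_000


def fast_unsalted_hash(password: str) -> str:
    """Legacy scheme: raw SHA-1, no salt. Equal passwords give equal hashes."""
    return hashlib.sha1(password.encode()).hexdigest()


def slow_salted_hash(password: str, salt: Optional[bytes] = None,
                     iterations: int = SLOW_ITERATIONS) -> Tuple[bytes, bytes]:
    """bcrypt-style scheme (PBKDF2 stand-in): fresh 16-byte salt, tunable cost."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_slow(password: str, salt: bytes, digest: bytes,
                iterations: int = SLOW_ITERATIONS) -> bool:
    """Recompute with the stored salt; constant-time compare avoids timing leaks."""
    _, candidate = slow_salted_hash(password, salt, iterations)
    return hmac.compare_digest(candidate, digest)


def build_dumps() -> Tuple[Dict[str, str], Dict[str, Tuple[bytes, bytes]]]:
    """Produce the two 'leaked' tables an attacker would be holding."""
    fast_dump = {u: fast_unsalted_hash(p) for u, p in SAMPLE_PASSWORDS.items()}
    slow_dump = {u: slow_salted_hash(p) for u, p in SAMPLE_PASSWORDS.items()}
    return fast_dump, slow_dump


def crack_fast(fast_dump: Dict[str, str], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Unsalted: hash each guess once, look up every user. Cost = len(wordlist)."""
    table = {fast_unsalted_hash(w): w for w in wordlist}   # precomputed lookup table
    cracked = {u: table[h] for u, h in fast_dump.items() if h in table}
    return cracked, len(wordlist)


def crack_slow(slow_dump: Dict[str, Tuple[bytes, bytes]],
               wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Salted and slow: every (user, guess) pair costs a full PBKDF2 run."""
    cracked: Dict[str, str] = {}
    hash_ops = 0
    for user, (salt, digest) in slow_dump.items():
        for guess in wordlist:
            hash_ops += 1
            if verify_slow(guess, salt, digest):
                cracked[user] = guess
                break
    return cracked, hash_ops


if __name__ == "__main__":
    fast, slow = build_dumps()
    print("reuse visible without cracking (unsalted):",
          fast["alice@example.com"] == fast["carol@example.com"])
    print("reuse visible without cracking (salted):",
          slow["alice@example.com"][0] == slow["carol@example.com"][0])
    print("unsalted:", crack_fast(fast, WORDLIST))
    print("salted+slow:", crack_slow(slow, WORDLIST))
```

The weak passwords fall to the word list under either scheme, which is why the advice at the end of this article to change your password still stands; what the slow, salted scheme buys is that the attacker’s cost grows with the number of accounts times the number of guesses, and raising the work factor raises it further, instead of one cheap table serving all 500 million rows.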
Last month we reported that user data from a large Yahoo data breach in 2012 was being made available for sale. Presumably the hack that Yahoo is reporting as having occurred in 2014 ‘by a state-sponsored actor’ is a second, and by all accounts even larger hack, but reports are vague at best, ambiguous at worst.
Still, while it’s unclear whether today’s announcement is connected in any way to the 2012 data breach, it seems unlikely. In fact, says PC World, “The company reported the breach on Thursday, after a stolen database from the company went on sale on the black market last month. However, the hacker behind the sale claimed that the stolen database involved only 200 million users and was likely obtained in 2012.”
Plus, even though Yahoo hasn’t openly connected all the dots, they have said clearly in today’s announcement that the stolen data “was stolen from the company’s network in late 2014”, and so it seems that, if Yahoo was aware of the 2012 intrusion at the time, being spanked by a hacking in 2012 did not leave them sufficiently hardened against another – and even larger – hacking two years later.
Yahoo has not yet shared what led them to believe that the hack was state-sponsored, nor have they publicly identified who they believe to be behind it. The term ‘state-sponsored’, when applied to hacking, typically means an intrusion carried out by, or on behalf of, the government of another country, as opposed to the work of criminals or hacktivists acting on their own.
As Security Affairs points out, “Analyzing the statistics it is possible to note that the majority of attacks are related to hacktivism and cybercrime activities, the data demonstrate a growing trend for cyber warfare attacks but it is expected that they represent only the tip of the iceberg.”
You can read the full announcement from Yahoo here, which includes such goodies as “Yahoo and other companies have launched programs to detect and notify users when a company strongly suspects that a state-sponsored actor has targeted an account. Since the inception of Yahoo’s program in December 2015, independent of the recent investigation, approximately 10,000 users have received such a notice.”
We leave to the reader’s imagination the question of why people of interest to a state actor would be using a Yahoo account.
And, of course, if you have a Yahoo account, and this hasn’t convinced you to close it (and we make it easy for you by giving you step-by-step directions for how to Migrate Your Email from Yahoo to Gmail (or Any Other Place)), definitely change your password, especially if you haven’t done so since the beginning of 2015. Since Yahoo says some security questions and answers were stored unencrypted, change those as well, change the same password anywhere else you reused it, and turn on two-step verification where your provider offers it.