Computer hackers swiped personal information from at least 500 million Yahoo accounts in what is believed to be the biggest digital break-in at an email provider.
The massive security breakdown disclosed last week poses new headaches for beleaguered Yahoo CEO Marissa Mayer as she scrambles to close a USD4.8 billion sale to Verizon .
The breach dates back to late 2014, raising questions about the checks and balances within Yahoo — a fallen internet star that has been laying off staff and trimming expenses to counter a steep drop in revenue during the past eight years.
At the time of the break-
in, Yahoo’s security team was led by Alex Stamos, a respected industry executive who left last year to take a similar job at Facebook.
Yahoo didn’t explain what took so long to uncover a heist that it blamed on a “state-sponsored actor” — parlance for a hacker working on behalf of a foreign government.
The Sunnyvale, California, company declined to explain how it reached its conclusions about the attack for security reasons, but said it is working with the FBI and other law enforcement. Yahoo began investigating a possible breach in July, around the time the tech site Motherboard reported that a hacker who uses the name “Peace” was trying to sell account information belonging to 200 million Yahoousers.
Yahoo didn’t find evidence of that reported hack, but additional digging later uncovered a far larger, allegedly state-
sponsored attack.
“We take these types of breaches very seriously and will determine how this occurred and who is responsible,” the FBI said in a statement.
The Yahoo theft represents the most accounts ever stolen from a single email provider, according to computer security analyst Avivah Litan with the technology research firm Gartner Inc.
“It’s a shocking number,” Litan said. “This is a pretty big deal that is probably going to cost them tens of millions of dollars. Regulators and lawyers are going to have a field day with this one.”
Yahoo says it has more than 1 billion monthly users, although it hasn’t disclosed how many of those people have email accounts. In July, 161 million people worldwide used Yahoo email on personal computers, a 30 percent decline from the same time in 2014, according to the latest data from the research firm comScore.
The data stolen from Yahoo includes users’ names, email addresses, telephone numbers, birth dates, scrambled passwords, and the security questions — and answers — used to verify an accountholder’s identity. The company said the attacker didn’t get any information about its users’ bank accounts or credit and debit cards.
Security experts say the Yahoo theft could hurt the affected users if their personal information is mined to break into other online services or used for identity theft. All affected users will be notified about the theft and advised how to protect themselves, according to the company.
Yahoo also is recommending that all users change their passwords if they haven’t done so since 2014. If the same password is used to access other sites, it should be changed too, along with any security questions similar to those used on Yahoo. Michael Liedtke, San Francisco, AP
report of data dump on dark web
In July, Yahoo! Inc. received a report of a hacker claiming to have 280 million user account credentials for sale on the black market. An initial investigation found no evidence to back that up, according to a person familiar with the probe. Claims like these are common nowadays. However, Yahoo decided to conduct a deeper, separate investigation and, piece by piece, the company slowly accumulated evidence of an even larger breach. Earlier this week, the person said there was enough evidence to tell Verizon Communications Inc., which had agreed to buy Yahoo’s web assets for USD4.83 billion on July 25.
No Comments