Published: Sat, September 24, 2016
Economy | By Melissa Porter

'Yahoo email breach could affect 200000 in NI'

Yahoo said it believes a "state-sponsored actor" was behind the data breach, meaning an individual acting on behalf of a government.

Stolen information may have included names, email address, birth dates, and scrambled passwords, along with encrypted or unencrypted security questions and answers that could help hackers break into victims' other online accounts, according to Yahoo. But some Yahoo security answers and questions were a part of the breach. But unprotected passwords, payment card data and bank account information did not appear to have been compromised, signaling that some of the most valuable user data was not taken.

Once mighty technology giant, Yahoo! known for its popular webmail, portal, and directory services; confirmed a breach of possibly 500 million accounts.

Earlier this year LinkedIn revealed that a 2012 data breach that was thought to have exposed 6.5 million accounts had actually affected 117 million.

Yahoo confirmed late yesterday that it had been hacked and the personal information of 500 million customers stolen from its servers.

"The US authorities will be looking to track down the hackers, but it is our job to ask serious questions of Yahoo on behalf of British citizens and I am doing that today".

The company had about 2.5 million email account holders at the time of the breach in 2014 but the number affected is expected to be significantly smaller.

Some security experts believe the OPM attack was carried out by the same hackers who also stole data files from large US insurance and health-care companies in 2014 and 2015. Yahoo for last eight years has faced a journey downhill, it has been firing employees and selling its services to cut costs and put a stop to the falling revenue.

"It is imperative that companies make cybersecurity a top priority in the M&A process".

"It just smacks of traditional trade craft", Carone said. Not only are email addresses used for private communications, but they serve as recovery points and log-in credentials for accounts on many other websites. "Until then, we are not in position to further comment", the vendor said.

Stolen passwords are also unlikely to be hacked, due to the bcrypt hashing encryption method used by the company. The company has also "invalidated unencrypted security questions and answers so they can not be used to access an account".

"The idea that 'I don't use that account any more, I don't have to worry about it.' - in most cases, unfortunately that's wrong", he said. Still, the practice is vital when one considers what's at stake.

"It is a broad sweep of getting information on people and building up profiles on those who may be of use to them". The company has about a 1 billion monthly email users including its other internet services as well which spans finance, online shopping as well as fantasy football.

This goes without saying, affected users need to update their accounts. "There's no reason not to encrypt that data", said Borohovski.

"With state-sponsored attacks, it's not just financial information that's of value", said Lance Hoffman, co-director of the Cyberspace Security and Privacy Institute at George Washington University.

It was not immediately clear if the data breach could impact the closing of the deal or the price agreed by Verizon. "A hack like the..."

But it's worse for Yahoo's users.

"In the wake of a breach like this, companies should have a well-oiled response plan", said Rajiv Gupta, CEO of Skyhigh. "With talk of Russian attempts to influence the election, it isn't hard to imagine how access to the contact information, and personal details, of that many potential votes could be used maliciously". Current security questions will no longer work. "It's quite unsurprising when these huge breaches take place", Grossman said.

Like this: