A newly revealed Yahoo data breach, which occurred in 2013,involved personal information associated with more than one billionuser accounts, twice those affected in a different incursiondisclosed in September.
|The stolen user-account information may have included names,email addresses, telephone numbers, birthdates, hashed passwords,and, in some cases, encrypted or unencrypted security questions andanswers. The investigation, according to Yahoo, so far indicatesthe stolen information did not include passwords in clear text,payment card data, or financial account information.
|The Sunnyvale, Calif.-based search company, which is beingacquired by Verizon for about $4.8 billion, said an unauthorizedthird party stole the data and that it was working closely with lawenforcement.
|Yahoo said it believed the latest incident waslikely distinct from the breach disclosed in September, when itrevealed personal information associated with at least 500 millionuser accounts, including names, passwords, birthdates, and emailaddresses, was stolen in 2014. In a statement in September, Yahoosaid the compromised information was taken by an unnamedstate-sponsored actor.
||“Yahoo should know that it is an invaluable target forcybercrime syndicates and nation-states and invest the resources toprotect its data accordingly,” Kenneth Geers, senior researchscientist at Clifton, N.J.-based cybersecurity firm ComodoEnterprise, said. “We shouldn't forget that an insider, a rivalcorporation, or even a nation-state might operate purely out ofselfish financial considerations,” Geers added.
|Scott Carlson, technical fellow at Phoenix-based securitycompany BeyondTrust, also commented. “Now more than ever companiesneed to protect themselves when other companies are compromised. Weall know users reuse passwords and we can almost guarantee that theanswers to user's internal secret questions are the same as theirpersonal secret questions.”
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
- Exclusive discounts on ALM and CU Times events.
- Access to other award-winning ALM websites including Law.com and GlobeSt.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
