It seems that someone really had it out for Yahoo! Approximately three months ago, the company made public that hackers had stolen user accounts in 2014. The number was truly staggering: at least 500 million users were affected. Unfortunately, it doesn’t end there. Yahoo! now says that a similar thing happened in 2013, and this time the number of users affected is sky high: it exceeds one billion.
This hack was found while forensic experts were analyzing data. If Yahoo! is to be believed, that data was only given to them by law enforcement authorities in November. The corporation also says there’s a high chance that the 2013 attack is distinct from the one carried out in 2014.
Still, you can’t say that Yahoo! doesn’t care about its users: it sent out warnings to people who may have been victims of the hackers and required them to pick a different password. A certain number of the accounts attacked in 2013 could even have been accessed without passwords, since using forged cookies was enough. Yahoo! has now disabled those cookies.
Still, the company has probably made the record books: what happened in 2013 could be the biggest security breach in the history of the Internet. And Verizon, which intends to buy Yahoo!’s properties at the beginning of next year, is now in a very interesting position. On one hand, the deal is finalized and everything is ready to be sold, for $4.83 billion, no less. On the other hand, buying a company that let a security breach of that magnitude happen could be very detrimental to the buyer’s reputation. Verizon understands all the risks and is keeping the situation open, reports The Wall Street Journal. So it may very well end up backing out of the deal or, at the very least, asking for a reduced price.
Bob Lord, Yahoo!’s chief information security officer, made the hacks public on December 14. He used Tumblr for the announcement and said that the attack may have exposed users’ names, telephone numbers, dates of birth, email addresses and hashed passwords to the hackers. The same may have happened to some encrypted and unencrypted security questions and answers. But there’s at least some good news: credit card data and bank account information are kept in a different system, so no information of that kind was stolen. And the forged cookies, according to Lord, may be connected to the same people who carried out the attack in 2014.
Yahoo! advises users to change not only their passwords but also their security questions and answers. This applies to all accounts whose security information corresponds to that used by Yahoo! profiles. The company also points out the importance of not opening links and attachments in emails that come from unfamiliar addresses.
No matter how you look at it, the results are disastrous, not only from a corporate standpoint but also for the users. More than 150,000 of the affected accounts belonged to people working in the U.S. military and government. This kind of information leakage may be a direct threat to national security and can expose any country to foreign intelligence, not just the USA. The fact that government workers had been hacked was discovered by Andrew Komarov, the chief intelligence officer at InfoArmor, a firm that specializes in online security. Komarov found a database containing stolen information in August. He then reported it to law enforcement authorities, who made the situation known to Yahoo! And that’s how it all started.