Yahoo says 1 bln accounts exposed in newly discovered security breach

The cyber attack, the largest in history, has been blamed on attackers working on behalf of a government, and could jeopardize Verizon Communication Inc's pending $4.83 billion acquisition of Yahoo's core internet business.

Dado Ruvic/Reuters/Illustration/File
Yahoo Mail logo is displayed on a smartphone's screen in front of code in this illustration picture, October 6, 2016. REUTERS/Dado Ruvic/Illustration/File Photo

Yahoo Inc warned on Wednesday that it had uncovered yet another massive cyber attack, saying data from more than 1 billion user accounts was compromised in August 2013, making it the largest breach in history.

The number of affected accounts was double the number implicated in a 2014 breach that the internet company disclosed in September and blamed on hackers working on behalf of a government. News of that attack, which affected at least 500 million accounts, prompted Verizon Communication Inc to say in October that it might withdraw from an agreement to buy Yahoo's core internet business for $4.83 billion.

Following the latest disclosure, Verizon said, "we will review the impact of this new development before reaching any final conclusions."

A Yahoo spokesman told Reuters that the company has been in communication with Verizon during its investigation into the breach and that it is confident the incident will not affect the pending acquisition.

Yahoo required all of its customers to reset their passwords - a stronger measure than it took after the previous breach was discovered, when it only recommended a password reset.

Yahoo also said Wednesday that it believes hackers responsible for the previous breach had also accessed the company's proprietary code to learn how to forge "cookies" that would allow hackers to access an account without a password.

"Yahoo badly screwed up," said Bruce Schneier, a cryptologist and one of the world's most respected security experts. "They weren't taking security seriously and that's now very clear. I would have trouble trusting Yahoo going forward."

Yahoo was tentative in its description of new problems, saying the incident was "likely" distinct from the one it reported in September and that stolen information "may have included" names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.

It said it had not yet identified the intrusion that led to the massive data theft and noted that payment-card data and bank account information were not stored in the system the company believes was affected.

Yahoo said it discovered the breach while reviewing data provided to the company by law enforcement. FireEye Inc's Mandiant unit and Aon Plc's Stroz Friedberg are assisting in the investigation, the Yahoo spokesman told Reuters.

The breach is the latest setback for Yahoo, an internet pioneer that has fallen on hard times in recent years after being eclipsed by younger, fast-growing rivals including Alphabet Inc's Google and Facebook Inc.

Hours before it announced the breach on Wednesday, executives with Google, Facebook and other large U.S. technology companies met with President-elect Donald Trump in New York. Reflecting its diminished stature, Yahoo was not invited to the summit, according to people familiar with the meeting.

The Yahoo spokesman said Chief Executive Marissa Mayer was at the company's Sunnyvale, California headquarters to assist in addressing the new breach.

Yahoo shares were down 2.4 percent to $39.91 in extended trading. Verizon shares were little changed from their close at $51.63. (Reporting by Jim Finkle in Boston and Anya George Tharakan in Bengaluru; Additional reporting by Dustin Volz in Washington and Jessica Toonkel in New York; Editing by Savio D'Souza, Bernard Orr)

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Yahoo says 1 bln accounts exposed in newly discovered security breach
Read this article in
https://www.csmonitor.com/Technology/2016/1214/Yahoo-says-1-bln-accounts-exposed-in-newly-discovered-security-breach
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe