▲ Up
 
13:45 29-05-2017
MAIN АКИpress CA-News
ADVERTISE WITH US SUBSCRIBE
KazakhstanKyrgyzstanMongoliaTajikistanTurkmenistanUzbekistanWorld
POLITICSBUSINESSINCIDENTSSOCIETYCULTURESPORTANALYSISSCIENCE
Yahoo says 1 billion user accounts hacked
11:02, 15 December 2016, 1030
Twitterfacebookprint

AKIPRESS.COM - Yahoo, already reeling from its September disclosure that 500 million user accounts had been hacked in 2014, disclosed Wednesday that a different attack in 2013 compromised more than 1 billion accounts, NYTimes reports.

The two attacks are the largest known security breaches of one company’s computer network.

The newly disclosed 2013 attack involved sensitive user information, including names, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions that could be used to reset a password. Yahoo said it is forcing all of the affected users to change their passwords and it is invalidating unencrypted security questions — steps that it declined to take in September.

It is unclear how many Yahoo users were affected by both attacks. The internet company has more than 1 billion active users, but it is not clear how many inactive accounts were hacked.

Yahoo said it discovered the larger hacking after analyzing data files, provided by law enforcement, that an unnamed third party had claimed contained Yahoo information.

Security has taken a back seat at Yahoo in recent years, compared to Silicon Valley competitors like Google and Facebook. Yahoo’s security team clashed with top executives, including the chief executive, Marissa Mayer, over the cost and customer inconvenience of proposed security measures.

And critics say the company was slow to adopt aggressive security measures, even after a breach of over 450,000 accounts in 2012 and series of spam attacks — a mass mailing of unwanted messages — the following year.

“What’s most troubling is that this occurred so long ago, in August 2013, and no one saw any indication of a breach occurring until law enforcement came forward,” said Jay Kaplan, the chief executive of Synack, a security company. “Yahoo has a long way to go to catch up to these threats.”

Yahoo has made a steady trickle of disclosures about the 2014 hacking, which it has been investigating with the help of federal authorities. The company said Wednesday that it now believes the attacker in that breach, which it says was sponsored by a government, found a way to forge credentials to log into some users’ accounts without a password.

Bob Lord, Yahoo’s chief information security officer, said in a statement that the state-sponsored actor in the 2014 attack had stolen Yahoo’s proprietary source code. Outside forensics experts working with Yahoo believe that the state-sponsored hackers used Yahoo’s code to access user accounts without their passwords by creating forged “cookies,” short bits of text that a website can store on a user’s machine. By forging these cookies, attackers were able to impersonate valid users, gaining information and performing actions on behalf of their victims. The company has not disclosed who it believes was behind the attack.


Full access to all news articles in English

1 month2000 somsubscribe
year20000 somsubscribe
These subscription fees are for private individuals only. Please contact us via phone +996 (312) 900-776 or email info@akipress.org for corporate subscription inquiries
Twitterfacebookprint
LATEST NEWS
13:06 Kyrgyz MPs approve €4 million loan and €1 million grant for Oshelectro Rehabilitation Project12:54 President Atambayev tells why he sent his son to serve in the army12:50 40-yo woman sets herself on fire in Kara-Suu12:30 Kyrgyzstan set to have presidential election on October 15: Atambayev12:27 Kyrgyz wrestler Aisuluu Tynybekova wins 24 medals at official tournaments12:23 Macron says long handshake with Trump was "not innocent"12:18 Atambayev receives Patriarch Kirill of Moscow and all Rus'12:15 Electricity tariffs to grow 10% in 2018-2020 in Kyrgyzstan: Committee12:06 Ombudsman denies reports saying 'criminal case opened against him'12:02 Fitch: Mongolia's IMF program staves off financing risks11:55 Atambayev awards military officers with honorary certificates, hand watches and medals11:54 Deputy Chairman of Jumgal district electric network system commits suicide11:40 "Kyrgyzstan won't get military aid from allies," Atambayev supposes11:28 President ratifies agreement on financing project on improvement of water supply system in Cholpon-Ata11:21 North Korea stages third missile test in 3 weeks11:15 National Bank of Kyrgyzstan considers creating its own digital currency11:08 Atambayev: "There are enough cruds in Kyrgyzstan ready to shake up situation for grants and dividends"11:05 Patriarch Kirill of Moscow and all Russia: "We can see that Orthodox Christians in Kyrgyzstan do not feel themselves disadvantaged"10:39 USAID supports knowledge sharing in innovative TB laboratory diagnostics10:24 Uzbekistan to increase its refining capacity by 50%
© AKIpress News Agency - 2001-2017. All rights reserved
Republication of any material is prohibited without a written agreement with AKIpress News Agency. Any citation must be accompanied by a hyperlink to akipress.com.
Our address:
Moskovskaya str. 189, Bishkek, the Kyrgyz Republic
e-mail: english@akipress.org, akipressenglish@gmail.com;
Tel/Fax: +996(312)90-07-75