Monday, 25 Nov, 2024

Tech

Every single Yahoo account hacked in 2013

27 |
Update: 2017-10-04 02:28:23
Every single Yahoo account hacked in 2013

DHAKA: An epic and historic data breach at Yahoo in August 2013 affected every single customer account that existed at the time, reports CNN Money quoting Verizon, Yahoo’s parent company.

That's three billion accounts -- including email, Tumblr, Fantasy and Flickr -- or three times as many as the company initially reported in 2016.

Names, email addresses and passwords, but not financial information, were breached, Yahoo said last year.

The new disclosure comes four months after Verizon (VZ, Tech30) acquired Yahoo's core internet assets for $4.48 billion. Yahoo is part of Verizon's digital media company, which is called Oath.

Verizon revised the number of breached accounts to three billion after receiving new information.

"The company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft," Verizon said in a statement.

Verizon would not provide any information about who the outside forensics experts are.

Following the hacking revelations last year, Yahoo required password changes and invalidated unencrypted security questions to protect user information.

According to experts, it's not uncommon for forensic investigations to expose a greater number of victims than initial estimates.

"This often happens with breaches, on a much smaller scale," said Wesley McGrew, a security expert at Horne Cyber. "Initially, the investigation establishes a set of compromised systems and data that encompasses a set of users, then later something is discovered that expands the compromised systems [or] access."

He also said that internal investigations might miss something, and outside experts focused on digital forensics will find more than an internal team.

Yahoo was also hit by a hack in 2014, which affected around 500 million people and is believed to be separate from the 2013 breach. In March of this year, the Department of Justice indicted four people in connection with the 2014 attack -- two Russian spies and two hackers.

It's unclear who exactly was behind the 2013 break-in, but cybersecurity analysts reported in December that the stolen data was up for sale on the dark web, a murky network only accessible through certain software.

Whether or not people use Yahoo services, they should always practice proper computer hygiene, experts say, such as not reusing passwords and implementing two-factor authentication on all their accounts.

BDST: 1226 HRS, OCT 4, 2017
SI

All rights reserved. Sale, redistribution or reproduction of information/photos/illustrations/video/audio contents on this website in any form without prior permission from banglanews24.com are strictly prohibited and liable to legal action.