Site icon The Punching Bag Post

Yahoo, The Largest Hackings in History – One Billion Accounts Compromised

<p>Nearly everyone I know has either been hacked or has stopped an attempted hacking&period; In the past four or five years I&rsquo&semi;ve had my Facebook&comma; two bank accounts&comma; and PayPal hacked&period;&nbsp&semi;<&sol;p>&NewLine;<p>The sheer frequency of these attacks is exemplified by a statement Yahoo made in September&colon; that 500 million user accounts were hacked in 2014&period; This Wednesday&comma; the company admitted that a separate attack in 2013 compromised <strong>over 1 billion<&sol;strong> Yahoo email accounts&period;<&sol;p>&NewLine;<p>These two incidents are the largest security breaches to occur within a single company &ndash&semi; that we know of &ndash&semi; and government employees are among the victims&period;&nbsp&semi;<&sol;p>&NewLine;<p>Yahoo is now forcing all affected users to reset their passwords&comma; but the information exposed during the 2013 hack &ndash&semi; names&comma; dates of birth&comma; phone numbers&comma; passwords&comma; and security questions &ndash&semi; could be enough for hackers to change passwords on their own&period;&nbsp&semi;<&sol;p>&NewLine;<p>Yahoo has fallen behind competitors in terms of security&comma; and critics slam the company for doing nothing after a smaller hacking incident in 2012 compromised over 450&comma;000 accounts&period;&nbsp&semi;<&sol;p>&NewLine;<p>The 2013 and 2014 attacks were only discovered after close examination of a series of data files provided by law enforcement&period;&nbsp&semi;<&sol;p>&NewLine;<p>&ldquo&semi;What&rsquo&semi;s most troubling is that this occurred so long ago&comma; in August 2013&comma; and no one saw any indication of a breach occurring until law enforcement came forward&comma;&rdquo&semi; said Chief Executive Jay Kaplan of Synack&comma; a security company&period;<&sol;p>&NewLine;<p>With help from federal authorities&comma; Yahoo discovered that the hacker responsible for the 2014 attack was likely government-sponsored&period; Yahoo Chief Information Security Officer Bob Lord believes this high profile hacker was able to steal Yahoo&rsquo&semi;s proprietary source code&comma; thus enabling him to &ldquo&semi;impersonate&rdquo&semi; real users and log in to accounts without using passwords&period;&nbsp&semi;<&sol;p>&NewLine;<p>Personal data from attacks like this is usually posted for sale online&period; We&rsquo&semi;ve seen nothing of the sort from this attack&comma; which makes security experts believe the hacker was looking for specific people&period;<&sol;p>&NewLine;<p>Most Yahoo users aren&rsquo&semi;t in danger&comma; says JJ Thompson of Rook Security&comma; but should still change the password for their Yahoo email account and any other accounts&nbsp&semi;that used the same or a similar password&period; &nbsp&semi;<&sol;p>&NewLine;<p>The two massive breaches also endanger Yahoo&rsquo&semi;s recent deal with Verizon&comma; in which it agreed to sell its core business to the telecom giant for &dollar;4&period;8 billion&period;<&sol;p>&NewLine;<p>&ldquo&semi;As we&rsquo&semi;ve said all along we will evaluate the situation as Yahoo continues its investigation&comma;&rdquo&semi; said Verizon spokesman Bob Varettoni&period; &ldquo&semi;We will review the impact of this new development before reaching any final conclusions&period;&rdquo&semi;&nbsp&semi;<&sol;p>&NewLine;<p>Yahoo is now struggling to shore up its defenses while designing new methods of security for the countless frustrated users who have already been hacked&period;<&sol;p>&NewLine;<p>The repeated hackings are a black mark for Yahoo&comma; says Ben Johnson&comma; founder of security company Carbon Black&period; &ldquo&semi;It&rsquo&semi;s not just one sophisticated adversary that gets in&period; Typically companies get compromised multiple times due to the same vulnerability or employee culture&period;&rdquo&semi;&nbsp&semi;<&sol;p>&NewLine;<p><strong>Editor&&num;8217&semi;s note<&sol;strong>&colon; Yahoo&&num;8217&semi;s carelessness cost a lot in terms of privacy for its customers&period; And of course&comma; we have no recourse whatsoever&period;<&sol;p>&NewLine;

Exit mobile version