Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Yahoo admits one billion accounts exposed in a newly discovered data breach

The tech giant Yahoo admitted crooks have probably stolen details from more than a billion user accounts, and the incident is not linked to previous ones. Bad news for Yahoo!, the company admitted crooks have probably stolen details from more than a billion user accounts. In 2013, hackers broke into the systems of Yahoo and […]

Yahoo! mail

The tech giant Yahoo admitted crooks have probably stolen details from more than a billion user accounts, and the incident is not linked to previous ones.

Bad news for Yahoo!, the company admitted crooks have probably stolen details from more than a billion user accounts. In 2013, hackers broke into the systems of Yahoo and accessed one billion user accounts containing names, addresses, phone numbers, and hashed passwords easy to crack. The passwords were protected with MD5 hashing algorithm that is easy to crack, the leaked data also include some encrypted and cleartext security questions and answers have been compromised too.

The company is urging its customers to reset their passwords.

According to the Yahoo CISO, Bob Lord, data is genuine and this discovery is not linked to past data breaches. The company dates the incident back in August 2013 and blames an unauthorised third party that it hasn’t identified.

“We analysed this (stolen) data with the assistance of outside forensic experts and found that it appears to be Yahoo user! data,” Lord says.

“Based on further analysis of this data by the forensic experts, we believe an unauthorised third party, in August 2013, stole data associated with more than one billion user accounts.

“We have not been able to identify the intrusion associated with this theft. “

The incident is alarming if we also consider past breaches alleged suffered by the Tech Giant.

“The number of affected accounts was double the number implicated in a 2014 breach that the internet company disclosed in September and blamed on hackers working on behalf of a government. News of that attack, which affected at least 500 million accounts, prompted Verizon Communication Inc to say in October that it might withdraw from an agreement to buy Yahoo’s core internet business for $4.83 billion.” reported the Reuters.

It seems that no financial data was exposed in the incident, anyway we have to consider that Yahoo users are not exposed to a great potential risk of attacks such as identity theft. Crooks can exploit stolen data to target users with social engineering attacks and launch spear phishing campaigns.

Of course, the news will have a significant impact on the acquisition of the company by Verizon because the hackers have stolen the main asset of the tech giant, the data. Analysts speculate a possible interference with the announced $4.8 billion sale of the company to Verizon.

“we will review the impact of this new development before reaching any final conclusions.” commented Verizon.

A Yahoo spokesman told Reuters that the company has been in communication with Verizon during its investigation, he is confident the data breach will not affect the acquisition.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – 1 Billion Yahoo accounts, hacking)