SO YAHOO WAS HACKED IN 2014!
Yahoo has confirmed that hackers have stolen the personal information
of at least 500 million of its accounts accounts over the past two
years after a security breach in 2014.
“A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” said Bob Lors Yahoo’s CISO.
“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.
“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.”
So far Yahoo said its investigation does not point at the hack being once carried out be a state-sponsored actor but Lors said the company is still looking into the breach with the assistance of law enforcement.
While this goes on, Yahoo said it will be notifying potentially affected user and prompting them to change their passwords, as well as invalidate unencrypted security questions.
The company noted it is also working on enhancing its security systems to better detect and prevent unauthorised access to user’s accounts.
“Through strategic proactive detection initiatives and active response to unauthorised access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure,” Lors promised.
For Yahoo, the timing of the leaked data could not be worse as it is currently in the process of being bought by Verizon for £3.7 billion.
“A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” said Bob Lors Yahoo’s CISO.
“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.
“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.”
So far Yahoo said its investigation does not point at the hack being once carried out be a state-sponsored actor but Lors said the company is still looking into the breach with the assistance of law enforcement.
While this goes on, Yahoo said it will be notifying potentially affected user and prompting them to change their passwords, as well as invalidate unencrypted security questions.
The company noted it is also working on enhancing its security systems to better detect and prevent unauthorised access to user’s accounts.
“Through strategic proactive detection initiatives and active response to unauthorised access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure,” Lors promised.
For Yahoo, the timing of the leaked data could not be worse as it is currently in the process of being bought by Verizon for £3.7 billion.
Yahoo might lose so many users to its competitors unless something drastic is done to re-assure its millions of users
ReplyDelete