  1. #1
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    15,032

    [EN] Yahoo: 500+ Million Accounts Breached in Attack

    The attacker was a “state-sponsored actor,” and stolen information may include names, e-mail addresses, phone numbers, dates of birth, encrypted passwords and, in some cases, un-encrypted security questions and answers, Yahoo said Thursday in a statement.

    Yahoo said it believes that the hackers are no longer in its corporate network. The company said it didn't believe that unprotected passwords, payment-card data or bank-account information had been affected.


    by Bloomberg
    September 22, 2016

    Yahoo! Inc. said the personal information of at least 500 million users was stolen in an attack on its accounts in 2014, exposing a wide swath of its roughly 1 billion users ahead of Verizon Communications Inc.’s planned acquisition of the web portal’s assets. The attacker was a “state-sponsored actor,” and stolen information may include names, e-mail addresses, phone numbers, dates of birth, encrypted passwords and, in some cases, un-encrypted security questions and answers, Yahoo said Thursday in a statement. The continuing investigation doesn’t indicate theft of payment card data or bank account information, or unprotected passwords, the company said. Affected users are being notified, accounts are being secured, and there’s no evidence the attacker is still in Yahoo’s network, it also said.

    “Yahoo is working closely with law enforcement on this matter,” the company said in the statement. “Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry.”

    The disclosure of the data theft comes at a particularly sensitive time for Chief Executive Officer Marissa Mayer, as she navigates the company toward a planned $4.8 billion acquisition by Verizon, set to close by early next year. Mayer, who has dealt with difficulties and complaints about Yahoo’s e-mail service in the past, needs to keep users logging in to drive traffic and draw the advertising that fuels the company’s revenue growth, which has been sluggish under her leadership.

    Verizon was notified of the incident within the last two days, the company said in an e-mailed statement.

    “We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact,” Verizon said in an e-mail. “We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities.”

    ‘Epidemic’

    The confirmation that accounts were compromised came almost two months after the company said it was investigating claims that a hacker was offering to sell user account details stolen in a data breach. The same hacker, who previously sold data taken from LinkedIn and MySpace, posted information from 200 million Yahoo accounts on a dark web marketplace, Motherboard reported in early August. The stolen information being offered was most likely from 2012, Motherboard reported, citing the hacker, who uses the name Peace.

    “All of this compromised information is very useful for criminals in order to hijack user identities and use them for fraudulent purposes,” Avivah Litan, an analyst with Gartner, said. “Identity impersonation has become a global criminal epidemic and there are no simple solutions.”

    Yahoo is encouraging users to review their accounts for suspicious activity and to change their password and security questions — along with answers for other online accounts where they use the same or similar information. The company also recommends users avoid clicking on links or downloading attachments from suspicious e-mails.

    Many of the stolen accounts in a sample of data obtained by Motherboard were no longer in use and had been canceled. The sale of all of the data for just under $2,000 suggested much of the information was obsolete, made up, or useless because the hackers had already attacked legitimate accounts and exhausted their need for the material.

    http://www.datacenterknowledge.com/a...eached-attack/
    Last edited by 5ms; 22-09-2016 at 23:21.

  2. #2
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    15,032
    By Robert McMillan
    Sept. 22, 2016

    Yahoo Inc. is blaming “state-sponsored” hackers for what may be the largest-ever theft of personal user data.

    The internet company, which has agreed to sell its core business to Verizon Communications Inc., said Thursday that hackers penetrated its network in late 2014 and stole personal data on more than 500 million users. The stolen data included names, email addresses, dates of birth, telephone numbers and encrypted passwords, Yahoo said.

    Yahoo said it believes that the hackers are no longer in its corporate network. The company said it didn't believe that unprotected passwords, payment-card data or bank-account information had been affected.

    Computer users have grown inured to notices that a tech company, retailer or other company with which they have done business had been hacked. But the Yahoo disclosure is significant because the company said it was the work of another nation, and because it raises questions about the fate of the $4.8 billion Verizon deal, which was announced on July 25.

    In July, Yahoo began investigating claims by hackers who were offering to sell what they said were 280 million Yahoo usernames and passwords. Yahoo said it concluded the information for sale wasn't legitimate, but the company decided to broaden its probe, eventually determining that it had been breached by “a state-sponsored actor.”

    In a proxy filing related to the Verizon deal on Sept. 9, Yahoo said it wasn't aware of any “security breaches” or “loss, theft, unauthorized access or acquisition” of user data. Yahoo declined to comment on the filing.

    Yahoo didn’t say how the hackers broke into its network or which country sponsored the attacks.

    The intrusion, in late 2014, came during a period when many computer attacks, including on the federal Office of Personnel Management and health insurer Anthem Inc., were believed to be the work of China. More recent hacks, however, including of the Democratic National Committee earlier this year, have been blamed on Russia. Both countries have denied involvement in the hacks.

    It isn’t uncommon for data breaches to go unreported for years. In May, Myspace notified users of a 2013 breach; the same month, LinkedIn Corp. also notified users that a 2012 incident, thought to have affected just 6.5 million accounts, had actually compromised more than 100 million.

    “The FBI is aware of the intrusion and investigating the matter,” the Federal Bureau of Investigation said. “We take these types of breaches very seriously and will determine how this occurred and who is responsible.”

    Verizon said it was notified of the breach earlier this week. “We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact,” Verizon said in a statement. “We will evaluate as the investigation continues.”

    B. Riley & Co. analyst Sameet Sinha said the breach is unlikely to affect terms of the Verizon deal.

    “Data breaches have become part of doing business now,” he said, adding that Microsoft Corp. agreed to buy LinkedIn for $26.2 billion in June, one month after LinkedIn notified users of the broader scope of its 2012 breach.

    But Stephen S. Wu, a technology lawyer at the Silicon Valley Law Group, said the language assuring that no security breaches had occurred might give Verizon leverage to renegotiate the deal, or even to walk away.

    The Yahoo breach appears to be the largest ever disclosed, based on the number of users affected, said Paul Stephens, director of policy and advocacy with Privacy Rights Clearinghouse, a not-for-profit group that compiles information on data breaches. Credit-card processor Heartland Payment Systems Inc. said roughly 130 million credit- and debit-card numbers had been stolen in a 2009 hack.

    The Yahoo breach, and the timing of the disclosure, quickly reverberated in Washington. Sen. Mark Warner, D-Va., said in a statement, “I am perhaps most troubled by news that this breach occurred in 2014, and yet the public is only learning details of it today.”

    Yahoo’s breach is the latest in a series of compromises that have put billions of consumer usernames and email addresses at risk. One website, called Leaked Source, sells a searchable list of more than two billion credentials.

    While many other companies have disclosed large-scale breaches recently, the fact that Yahoo is linking its hack to state-sponsored hackers is noteworthy. U.S. intelligence officials have said China-based attacks have declined in recent months, following a 2015 agreement between the U.S. and China.

    Over the past year, Russia has gradually taken China’s place as the primary suspect of attacks on U.S. systems. Two hacking groups—linked by security researchers and U.S. government officials to Russia—have published email messages belonging to public figures, including private Gmail messages belonging to former Secretary of State Colin Powell.

    The Yahoo data could be used to obtain the personal correspondence of public figures. “For a government, the real value would be to look for people with real value,” said Matthew Green, a computer science professor at Johns Hopkins University. “Maybe you don’t get classified information, but some of those Colin Powell emails were very interesting.”

    Yahoo said the stolen passwords were encrypted, but computer-security experts said a determined attacker could unscramble passwords—especially simple passwords—using commonly available “cracking” software. Once cracked, hackers could break into Yahoo accounts and—if the password happened to be reused on another web service—possibly other websites too.

    Security experts recommend that consumers add a “second factor” of authentication to their online accounts. Typically this means receiving a short code via text message every time the user logs in from an unknown computer.

    Yahoo says that its users should change their passwords and security questions, and avoid using the same password on multiple accounts.

    —Anne Steele, Ryan Knutson, Damian Paletta contributed to this article.

    http://www.wsj.com/articles/yahoo-sa...len-1474569637
