Yahoo Will Reveal ‘Massive’ Loss of User Data, Recode Says
Edwin Chan edwininla Jordan Robertson jordanr1000

September 22, 2016 — 3:07 AM EDT Updated on September 22, 2016 — 8:45 AM EDT

Yahoo! Inc. is preparing to disclose a “massive” data breach of its main 
service, Recode reported, just as Verizon Communications Inc. prepares to take 
over the ailing internet company’s core assets.

The break-in was “widespread and serious” and is expected to be disclosed this 
week, the tech news website said, citing several anonymous sources close to the 
situation as saying. Yahoo didn’t respond to phone and e-mailed requests for 
comment outside of normal business hours.

Such a revelation would confirm earlier reports that the same hacker who’d 
stolen data from LinkedIn was now selling information from 200 million Yahoo 
accounts on a dark web marketplace. The data up for sale included user names, 
scrambled passwords and birth dates and likely dated from 2012, Motherboard 
reported in August, citing the cyber-attacker, who went by the name Peace. 
Yahoo said at the time it was investigating the claim.

It’s worth noting, however, that many of the stolen accounts in a sample of 
data obtained by Motherboard were no longer in use and had been canceled. The 
sale of all of the data for just under $2,000 also suggested that the 
information itself was of little value, either because most of it was obsolete, 
made-up, or useless because the hackers had already attacked legitimate 
accounts and exhausted their need for the data.

Whatever the scale of the alleged breach, the incident shows the danger of 
large datasets spilling into the hacker underground and being used for criminal 
purposes for years without the breached companies knowing or taking minimal 
action based on whatever data hackers tell them was taken.

LinkedIn said in May that it was investigating whether a breach of more than 6 
million users’ passwords in 2012 was bigger than originally thought, following 
a hacker’s attempt to sell what was purported to be login codes for 117 million 
accounts. The company said that it appeared more data was taken in the initial 
compromise and that the company was just learning about the larger amount 
through the hacker’s posting.

Like many Internet companies that have been breached, LinkedIn only reset 
passwords of everyone it believed was part of the breach at the earlier time, 
which amounted to 6.5 million users. It’s unclear what steps, if any, Yahoo has 
taken since learning about the alleged compromise.

Reports of the security breach come just as Chief Executive Officer Marissa 
Mayer is about to close a deal that ends the once-dominant internet firm’s 
independence. Verizon is acquiring its internet assets for $4.8 billion, 
bringing the web portal together with longtime rival AOL. The 
telecommunications company will pick up services that still draw 1 billion 
monthly users, including mail, news and sports content and financial tools.

It's better to burn out than fade away.

Infowarrior mailing list

Reply via email to