EDITOR’S NOTE: THIS story was updated at 4 p.m. to include new information after Yahoo’s announcement of its data breach.
Over recent months, the ghosts of data breaches past have been returning to plague companies like MySpace, LinkedIn, Twitter, and Tumblr, as hackers put up for sale massive collections of user credentials stolen earlier in the decade. It seems the summer of ginormous data spills isn’t over yet and just reached a new peak. Yahoo confirmed on Thursday afternoon the theft of personal information of half a billion of its users. The announcement comes at a very inconvenient moment: Just as the web giant is trying to sell itself to Verizon in a multi-billion dollar deal.
The Hack
Yahoo chief information security officer Bob Lord wrote in a statement on Yahoo’s Tumblr site that the company had been the victim of a hacker intrusion in late 2014 that accessed at least 500 million accounts and retrieved a bounty of information, including user names, email addresses, telephone numbers, dates of birth, security questions and answers, and passwords—albeit passwords protected by cryptographic hashing. “We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” Lord writes. “An increasingly connected world has come with increasingly sophisticated threats. Industry, government and users are constantly in the crosshairs of adversaries.”
Earlier Thursday Recode reported that Yahoo was expected to confirm a data breach that affects hundreds of millions of users. The site referenced a collection of 200 million of Yahoo’s user names, birthdates, email addresses and hashed passwords that’s been offered for sale on the dark web marketplace The Real Deal since at least August.
No comments:
Post a Comment