
Yahoo's 1bn user data breach: Everything you should know

16 Dec 2016

Yahoo has uncovered another data breach, where more than 1bn user accounts were compromised in August 2013 - making it the largest data breach in history.

The company says the incident is ‘likely distinct’ from the data breach it disclosed in September, and believes an unauthorised third party stole data associated with more than one billion user accounts in August 2013.

Yahoo’s CISO, Bob Lord, confirmed the breach in a recent blog post, saying that ‘with the assistance of outside forensic experts…it appears to be Yahoo user data’.

“We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016,” writes Lord.

He says that for potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.

However, Lord explains that the stolen information did not include passwords in clear text, payment card data, or bank account information.

“Payment card data and bank account information are not stored in the system the company believes was affected,” he writes.

Most potentially affected Yahoo users should have been notified, and the company has taken steps to secure their accounts, including requiring users to change their passwords.

Lord also mentions that they have invalidated unencrypted security questions and answers so that they cannot be used to access an account.

Commenting on the breach, Ryan Kalember, SVP of Cyber Security Strategy at Proofpoint, says it’s critical that consumers and businesses alike realise that email credentials can be the gateway to more sensitive information than nearly anything else.

“News of the additional Yahoo breach is yet another indication that email accounts are a prime target among criminals,” he says.

“Email is the top way cyber criminals are breaking into the world’s most sophisticated organisations and they target personal inboxes and account information with the same aggressiveness.”

Tyler Moffit, senior threat research analyst at Webroot, adds that this data breach is huge on so many levels.

“Yahoo says hackers stole names, email addresses, phone numbers, dates of birth and encrypted or unencrypted security questions and answers from more than 1 billion accounts,” he says.

“These accounts have been compromised for years and the sheer number of accounts means this has been a large source of identity theft already.

“No one should have faith in Yahoo at this point and might very well affect the $4.8 billion Verizon deal.”
