Yahoo! says “state-sponsored actor” behind massive user data breach

Internet giant Yahoo has admitted a data breach that involved the theft of information from at least 500 million user accounts.

The company said on Thursday that it believed a “state-sponsored actor” stole information including names, email addresses, telephone numbers, dates of birth, hashed passwords and encrypted or unencrypted security questions and answers.

An investigation is still continuing into the breach, which Yahoo said happened in late 2014.

The company said that the stolen information did not include unprotected passwords, payment card data, or bank account information, which is not stored in the system that was targeted.

A statement released by Yahoo added: “The investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.”

Yahoo said it is notifying any potentially affected users and asking any users that have not changed their passwords in the last two years to do so.

A list of security tips published on the company’s Tumblr platform on Thursday read: “Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.

“Review your accounts for suspicious activity.

“Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.

“Avoid clicking on links or downloading attachments from suspicious emails.”

Bob Lord, Yahoo’s chief information security officer (CISO), said: “An increasingly connected world has come with increasingly sophisticated threats. Industry, government and users are constantly in the crosshairs of adversaries.

“Through strategic proactive detection initiatives and active response to unauthorised access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure.”

Network security company NSFocus said that the Yahoo breach had been originally reported in 2012, but that the numbers of users affected had been significantly underestimated.

Stephen Gates, chief research intelligence analyst at NSFocus, said: “In 2012, the number of potentially compromised user credentials was estimated to be around 450,000.

“However, the hacker known as Peace is claiming to have up to 500 million user credentials he/she is now attempting to sell online.”

He echoed Yahoo’s advice for users to change their passwords and added that companies must also take further measures to protect user data.

“Enterprises must first assess what hackers would likely want to steal from them,” he said.

“Once identified, enterprises must use all measures at their disposal to protect that data – at all costs.”

Other organisations have commented on the effect the breach could have on Yahoo’s impending takeover by US telecoms company Verizon.

The firm announced in July that it would be buying Yahoo’s operating business – including its search and email services and news pages – for 4.83 billion US dollars (£3.7 billion).

Mark James, of internet security company ESET, said: “As Verizon are about to buy Yahoo, they will have to consider the backlash of future issues with compromised account data.”

Others say that the breach draws attention to outdated security systems across other websites.

Brian Spector, chief executive of Miracl, said: “The underlying issue is that the username and password system is old technology that is not up to the standard required to secure the deep information and private services that we as individuals store and access online today.

“By contrast, new, secure methods of multi-factor authentication can provide much stronger security, and make database hacks, password reuse, browser attacks and social engineering a thing of the past.”