1. Home
  2. Yahoo says one billion accounts exposed in newly discovered security breach

Yahoo says one billion accounts exposed in newly discovered security breach

[email protected] (Agencies)
December 15, 2016

Dec 15: Yahoo Inc (YHOO.O) warned on Wednesday that it had uncovered yet another massive cyber attack, saying data from more than 1 billion user accounts was compromised in August 2013, making it the largest breach in history.

yahooThe number of affected accounts was double the number implicated in a 2014 breach that the internet company disclosed in September and blamed on hackers working on behalf of a government. News of that attack, which affected at least 500 million accounts, prompted Verizon Communication Inc (VZ.N) to say in October that it might withdraw from an agreement to buy Yahoo's core internet business for $4.83 billion. Following the latest disclosure, Verizon said, "we will review the impact of this new development before reaching any final conclusions." A Yahoo spokesman told Reuters that the company has been in communication with Verizon during its investigation into the breach and that it is confident the incident will not affect the pending acquisition.Yahoo required all of its customers to reset their passwords - a stronger measure than it took after the previous breach was discovered, when it only recommended a password reset.

Yahoo also said Wednesday that it believes hackers responsible for the previous breach had also accessed the company"s proprietary code to learn how to forge "cookies" that would allow hackers to access an account without a password."Yahoo badly screwed up," said Bruce Schneier, a cryptologist and one of the world's most respected security experts. "They weren't taking security seriously and that's now very clear. I would have trouble trusting Yahoo going forward."Yahoo was tentative in its description of new problems, saying the incident was "likely" distinct from the one it reported in September and that stolen information "may have included" names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.

It said it had not yet identified the intrusion that led to the massive data theft and noted that payment-card data and bank account information were not stored in the system the company believes was affected.Yahoo said it discovered the breach while reviewing data provided to the company by law enforcement. FireEye Inc"s (FEYE.O) Mandiant unit and Aon Plc's (AON.N) Stroz Friedberg are assisting in the investigation, the Yahoo spokesman told Reuters.The breach is the latest setback for Yahoo, an internet pioneer that has fallen on hard times in recent years after being eclipsed by younger, fast-growing rivals including Alphabet Inc's (GOOGL.O) Google and Facebook Inc (FB.O).

Hours before it announced the breach on Wednesday, executives with Google, Facebook and other large U.S. technology companies met with President-elect Donald Trump in New York. Reflecting its diminished stature, Yahoo was not invited to the summit, according to people familiar with the meeting.The Yahoo spokesman said Chief Executive Marissa Mayer was at the company's Sunnyvale, California headquarters to assist in addressing the new breach. Yahoo shares were down 2.4 percent to $39.91 in extended trading. Verizon shares were little changed from their close at $51.63. (Reporting by Jim Finkle in Boston and Anya George Tharakan in Bengaluru; Additional reporting by Dustin Volz in Washington and Jessica Toonkel in New York; Editing by Savio D'Souza, Bernard Orr)

This story has not been edited by Firstpost staff and is generated by auto-feed.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
July 18,2020

New Delhi, Jul 18: India's national cybersecurity agency CERT-in, has warned people of credit card skimming spreading across the world through e-commerce platforms.

Attackers are typically targeting e-commerce sites because of their wide presence, popularity and the environment LAMP (Linux, Apache, MySQL, and PHP), the Computer Emergency Response Team (CERT-In) said in a notice on Thursday.

Recently, attackers targeted sites which were hosted on Microsoft's IIS server running with the ASP.NET web application framework, it said.

Some of the sites affected by the attack were found to be running ASP.NET version 4.0.30319, which is no longer officially supported by Microsoft and may contain multiple vulnerabilities, CERT-In said.

The notice also included a list of best practices for website developers including the use of the latest version of ASP.NET web framework, IIS web server and database server.

The advisory is based on research by Malwarebytes which found that this skimming campaign likely began sometime in April this year.

Credit card skimming has become a popular activity for cybercriminals over the past few years, and the increase in online shopping during the pandemic means additional business for them, too, Malwarebytes said in a blog post, adding that attackers do not need to limit themselves to the most popular e-commerce platforms.

Researchers from global cybersecurity and anti-virus brand Kaspersky had warned in December last year that more cybercriminal groups will target online payment processing systems in 2020. 

It said that over the past couple of years, so-called JS-skimming (the method of stealing of payment card data from online stores), has gained immense popularity among attackers. 

Kaspersky researchers in their report said they are currently aware of at least 10 different actors involved in these type of attacks.

Their number will continue to grow during the next year, the report said, adding that the most dangerous attacks will be on companies that provide services such as e-commerce as-a-service, which will lead to the compromise of thousands of companies.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
July 9,2020

U.S. electric vehicle maker Tesla Inc is "very close" to achieving level 5 autonomous driving technology, Chief Executive Elon Musk said on Thursday, referring to the capability to navigate roads without any driver input.

"I'm extremely confident that level 5 or essentially complete autonomy will happen and I think will happen very quickly," Musk said in remarks made via a video message at the opening of Shanghai's annual World Artificial Intelligence Conference (WAIC).

"I remain confident that we will have the basic functionality for level 5 autonomy complete this year."

Automakers and tech companies including Alphabet Inc Waymo and Uber Technologies are investing billions in the autonomous driving industry.

However industry insiders have said it would take time for the technology to get ready and public to trust autonomous vehicles fully.

The California-based automaker currently builds cars with an Autopilot driver-assistance system.

Tesla is also developing new heat-projection or cooling systems to enable more advanced computers in cars, Musk said.

Industry data showed Tesla sold nearly 15,000 China-made Model 3 sedans last month.

Tesla has become the highest-valued automaker as its shares surged to record highs and its market capitalisation overtook that of former front-runner Toyota Motors Corp.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
June 28,2020

The US space agency has thrown open a challenge to win over Rs 26 lakh, calling the global community to send novel design concepts for compact toilets that can operate in both microgravity and lunar gravity.

NASA is preparing for return to the Moon and innumerable activities to equip, shelter, and otherwise support future astronauts are underway.

The astronauts will be eating and drinking, and subsequently urinating and defecating in microgravity and lunar gravity.

NASA said that while astronauts are in the cabin and out of their spacesuits, they will need a toilet that has all the same capabilities as ones here on Earth.

The public designs for space toilet may be adapted for use in the Artemis lunar landers that take humans back to the Moon.

"Although space toilets already exist and are in use (at the International Space Station, for example), they are designed for microgravity only," the US space agency said in a statement.

NASA's Human Landing System Programme is looking for a next-generation device that is smaller, more efficient, and capable of working in both microgravity and lunar gravity.

The new NASA challenge includes a Technical category and Junior category and the last date to send designs is August 17.

NASA's Artemis Moon mission will land the first woman and next man on the lunar surface by 2024.

The Artemis programme is part of America's broader Moon to Mars exploration approach, in which astronauts will explore the Moon and experience gained there to enable humanity's next giant leap, sending humans to Mars.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.