1. Home
  2. Yahoo says one billion accounts exposed in newly discovered security breach

Yahoo says one billion accounts exposed in newly discovered security breach

[email protected] (Agencies)
December 15, 2016

Dec 15: Yahoo Inc (YHOO.O) warned on Wednesday that it had uncovered yet another massive cyber attack, saying data from more than 1 billion user accounts was compromised in August 2013, making it the largest breach in history.

yahooThe number of affected accounts was double the number implicated in a 2014 breach that the internet company disclosed in September and blamed on hackers working on behalf of a government. News of that attack, which affected at least 500 million accounts, prompted Verizon Communication Inc (VZ.N) to say in October that it might withdraw from an agreement to buy Yahoo's core internet business for $4.83 billion. Following the latest disclosure, Verizon said, "we will review the impact of this new development before reaching any final conclusions." A Yahoo spokesman told Reuters that the company has been in communication with Verizon during its investigation into the breach and that it is confident the incident will not affect the pending acquisition.Yahoo required all of its customers to reset their passwords - a stronger measure than it took after the previous breach was discovered, when it only recommended a password reset.

Yahoo also said Wednesday that it believes hackers responsible for the previous breach had also accessed the company"s proprietary code to learn how to forge "cookies" that would allow hackers to access an account without a password."Yahoo badly screwed up," said Bruce Schneier, a cryptologist and one of the world's most respected security experts. "They weren't taking security seriously and that's now very clear. I would have trouble trusting Yahoo going forward."Yahoo was tentative in its description of new problems, saying the incident was "likely" distinct from the one it reported in September and that stolen information "may have included" names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.

It said it had not yet identified the intrusion that led to the massive data theft and noted that payment-card data and bank account information were not stored in the system the company believes was affected.Yahoo said it discovered the breach while reviewing data provided to the company by law enforcement. FireEye Inc"s (FEYE.O) Mandiant unit and Aon Plc's (AON.N) Stroz Friedberg are assisting in the investigation, the Yahoo spokesman told Reuters.The breach is the latest setback for Yahoo, an internet pioneer that has fallen on hard times in recent years after being eclipsed by younger, fast-growing rivals including Alphabet Inc's (GOOGL.O) Google and Facebook Inc (FB.O).

Hours before it announced the breach on Wednesday, executives with Google, Facebook and other large U.S. technology companies met with President-elect Donald Trump in New York. Reflecting its diminished stature, Yahoo was not invited to the summit, according to people familiar with the meeting.The Yahoo spokesman said Chief Executive Marissa Mayer was at the company's Sunnyvale, California headquarters to assist in addressing the new breach. Yahoo shares were down 2.4 percent to $39.91 in extended trading. Verizon shares were little changed from their close at $51.63. (Reporting by Jim Finkle in Boston and Anya George Tharakan in Bengaluru; Additional reporting by Dustin Volz in Washington and Jessica Toonkel in New York; Editing by Savio D'Souza, Bernard Orr)

This story has not been edited by Firstpost staff and is generated by auto-feed.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
June 30,2020

Bengaluru, Jun 30: Karnataka Chief Minister BS Yediyurappa on Monday launched 'Skill Connect Forum' and said that the government is committed to provide impetuous to creating jobs by reviving economic and industrial activities.

The 'Skill Connect Forum' portal connects both private entrepreneurs and job seekers on the same platform.

After launching the forum, the Chief Minister said that the portal provides information on jobs available and who needs a job. "Under this forum, an unemployed will be imparted skills and then enabled to get a job," Yediyurappa said.
Besides providing jobs via registration, the portal also provides a skilled pool of people for those looking to hire, he added.

Deputy Chief Minister Dr CN Ashwath Narayan, who is also the Skill Development Minister said that portal will be a boon to the youth seeking jobs and it will avoid unemployment issue to a great extent.

"All these years, there was no information and communication between job seekers and recruiters. The portal will solve that problem," he said.

Narayan said that there was no proper information on skilled workers and job market. Moreover, skill development was not in sync with the market. All these issues have been addressed by the portal, he added.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
July 9,2020

U.S. electric vehicle maker Tesla Inc is "very close" to achieving level 5 autonomous driving technology, Chief Executive Elon Musk said on Thursday, referring to the capability to navigate roads without any driver input.

"I'm extremely confident that level 5 or essentially complete autonomy will happen and I think will happen very quickly," Musk said in remarks made via a video message at the opening of Shanghai's annual World Artificial Intelligence Conference (WAIC).

"I remain confident that we will have the basic functionality for level 5 autonomy complete this year."

Automakers and tech companies including Alphabet Inc Waymo and Uber Technologies are investing billions in the autonomous driving industry.

However industry insiders have said it would take time for the technology to get ready and public to trust autonomous vehicles fully.

The California-based automaker currently builds cars with an Autopilot driver-assistance system.

Tesla is also developing new heat-projection or cooling systems to enable more advanced computers in cars, Musk said.

Industry data showed Tesla sold nearly 15,000 China-made Model 3 sedans last month.

Tesla has become the highest-valued automaker as its shares surged to record highs and its market capitalisation overtook that of former front-runner Toyota Motors Corp.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
May 19,2020

Cybersecurity researchers on Monday warned of a Trojan malware campaign which is targeting India's co-operative banks using COVID-19 as a bait.

Seqrite, the enterprise arm of IT security firm Quick Heal Technologies, detected the new wave of Adwind Java Remote Access Trojan (RAT) campaign.

Researchers at Seqrite warned that if attackers are successful, they can take over the victim's device to steal sensitive data like SWIFT logins and customer details and move laterally to launch large scale cyberattacks and financial frauds.

According to the researchers, the Java RAT campaign starts with a spear-phishing email which claims to have originated from either the Reserve Bank of India or a nationalised bank.

The content of the email refers to COVID-19 guidelines or a financial transaction, with detailed information in an attachment, which is a zip file containing a JAR based malware.

Upon further investigation, researchers at Seqrite found that the JAR based malware is a Remote Access Trojan that can run on any machine which has Java runtime enabled and hence it can impact a variety of endpoints, irrespective of their base operating system.

Once the RAT is installed, the attacker can take over the victim's device, send commands from a remote machine, and spread laterally in the network.

In addition, this malware can also log keystrokes, capture screenshots, download additional payloads, and extract sensitive user information, Seqrite said, adding that such attack campaigns can effectively jeopardise the privacy and security of sensitive data at the co-operative banks and result in large scale attacks and financial frauds.

To prevent such attacks, users need to exercise ample caution and avoid opening attachments and clicking on web links in unsolicited emails.

Banks should also keep their operating systems updated and have a full-fledged security solution installed on all the devices, Seqrite advised.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.