A newly revealed Yahoo data breach, which occurred in 2013, involved personal information associated with more than one billion user accounts, twice those affected in a different incursion disclosed in September.
The stolen user-account information may have included names, email addresses, telephone numbers, birthdates, hashed passwords, and, in some cases, encrypted or unencrypted security questions and answers. The investigation, according to Yahoo, so far indicates the stolen information did not include passwords in clear text, payment card data, or financial account information.
The Sunnyvale, Calif.-based search company, which is being acquired by Verizon for about $4.8 billion, said an unauthorized third party stole the data and that it was working closely with law enforcement.
Yahoo said it believed the latest incident was likely distinct from the breach disclosed in September, when it revealed personal information associated with at least 500 million user accounts, including names, passwords, birthdates, and email addresses, was stolen in 2014. In a statement in September, Yahoo said the compromised information was taken by an unnamed state-sponsored actor.
“Yahoo should know that it is an invaluable target for cybercrime syndicates and nation-states and invest the resources to protect its data accordingly,” Kenneth Geers, senior research scientist at Clifton, N.J.-based cybersecurity firm Comodo Enterprise, said. “We shouldn't forget that an insider, a rival corporation, or even a nation-state might operate purely out of selfish financial considerations,” Geers added.
Scott Carlson, technical fellow at Phoenix-based security company BeyondTrust, also commented. “Now more than ever companies need to protect themselves when other companies are compromised. We all know users reuse passwords and we can almost guarantee that the answers to user's internal secret questions are the same as their personal secret questions.”
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
