Yahoo Suspects It Has Suffered A Huge Data Breach

Uploaded on 2016-09-13 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW, NEWS-Cybersecurity News

Yahoo is investigating claims the hacker linked to "mega-breaches" at MySpace and LinkedIn has posted details of 200 million Yahoo accounts to a marketplace on the dark web.

Usernames, passwords and dates of birth are being offered for sale for three bitcoins (£1,360). Using the name Peace, the hacker said the data was "most likely" from 2012. Yahoo said it was taking the claim "very seriously" and was "working to determine the facts".

"Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms," it said in a statement.

Dictionary attack

The passwords appear to be hashed, which means they have been scrambled, but the hacker has also published details of the algorithm allegedly used for the hash.

"The algorithm MD5 is considered to be weak, and for the vast majority of passwords it is easy to reverse what it was using what we call a dictionary attack," said Prof Alan Woodward, a security expert from Surrey University. He added though that caution needed to be exercised about the alleged breach.

"We have seen claims about similar dumps in the past weeks which have proved to be fake or just old data," he said. "People are still trying to work out if it is real or not."

Motherboard, which first reported the alleged breach, obtained a small sample of the data - some 5,000 records, and tested whether they corresponded to real accounts on the service.

It found that most of the first two dozen Yahoo usernames tested did correspond to actual accounts.

However, attempts to contact more than 100 of the addresses in the sample saw many returned as undeliverable with auto-responses reading: "This account has been disabled or discontinued," which might suggest that the data is old.

Brendan Rizzo, technical director at HPE Security, said: "Data has high value to attackers, and even though the information for sale on the black market is several years old, it can still be used for social engineering attacks for spear phishing to attempt to gain access to deeper systems with even more lucrative data that can be monetised directly if stolen."

Earlier this month, Yahoo was sold to US telecoms giant Verizon for nearly $5bn (£3.8bn).

BBC

« IBM’s Watson Takes Aim At CyberSecurity
Does Russia Benefit When Assange Reveals Secrets? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Security Stronghold

Security Stronghold

Security Stronghold is focused on protecting computers from malicious programs like viruses, Trojans, spyware, adware, trackware, keyloggers and other kinds of online threats.

Prevalent

Prevalent

Prevalent takes the pain out of third-party risk management. Companies use our services to eliminate the security and compliance exposures that come from working with vendors and suppliers.

H-11 Digital Forensics

H-11 Digital Forensics

H-11 Digital Forensics is a global leader of digital forensic technology.

Combined Selection Group (CSG)

Combined Selection Group (CSG)

CSG are Global Talent Experts, we operate across 7 specialist sectors, including Information Technology and Cybersecurity, and take a pro-active approach to executive search and headhunting.

iProov

iProov

iProov delivers authentication and verification simply and securely, based on a genuine one-time biometric.

Prolimax

Prolimax

Prolimax deliver innovative solutions to IT Manufacturers, Distributors, Resellers and End-users including Data Erasure and secure IT Asset Disposition (ITAD)

Simply Hired

Simply Hired

Simply Hired is a job search engine that collects job listings from all over the web, including company career pages, job boards and niche job websites.

UMBRA

UMBRA

UMBRA is solely concerned with protecting governments against Nation State attacks. We are not a consumer or enterprise company.

CyberWhite

CyberWhite

CyberWhite is a disruptive provider of cyber security and risk mitigation solutions.

FYEO

FYEO

FYEO is a threat monitoring and identity access management platform for consumers, enterprises and SMBs.

Raman Power Technologies

Raman Power Technologies

Raman Power Technologies focus on bringing value and solving business challenges through the delivery of modern IT services and solutions including cybersecurity.

Verizon

Verizon

Verizon is a leader in IT technology solutions - Verizon Cloud, Networking, Security, Mobility, Machine-to-Machine (M2M), Advanced Communications and Professional Services.

Sensity

Sensity

Sensity is a company that offers an AI-driven solution to detect and verify deepfakes and other forms of identity fraud.

Theori

Theori

Theori tackles the most difficult cybersecurity challenges from an attacker’s perspective and conquers them as the best strategic security experts.

Pacific Certifications

Pacific Certifications

Pacific Certifications provide accredited certification, training and support services to help you improve processes, performance and products and services.

Neptune Shield

Neptune Shield

Neptune Shield's mission is to deliver cutting edge Maritime focused Cyber Security & Threat Protection through our Hampton Roads based Tech & Cyber Security Hub.