Yahoo Suspects It Has Suffered A Huge Data Breach

Uploaded on 2016-09-13 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW, NEWS-Cybersecurity News

Yahoo is investigating claims the hacker linked to "mega-breaches" at MySpace and LinkedIn has posted details of 200 million Yahoo accounts to a marketplace on the dark web.

Usernames, passwords and dates of birth are being offered for sale for three bitcoins (£1,360). Using the name Peace, the hacker said the data was "most likely" from 2012. Yahoo said it was taking the claim "very seriously" and was "working to determine the facts".

"Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms," it said in a statement.

Dictionary attack

The passwords appear to be hashed, which means they have been scrambled, but the hacker has also published details of the algorithm allegedly used for the hash.

"The algorithm MD5 is considered to be weak, and for the vast majority of passwords it is easy to reverse what it was using what we call a dictionary attack," said Prof Alan Woodward, a security expert from Surrey University. He added though that caution needed to be exercised about the alleged breach.

"We have seen claims about similar dumps in the past weeks which have proved to be fake or just old data," he said. "People are still trying to work out if it is real or not."

Motherboard, which first reported the alleged breach, obtained a small sample of the data - some 5,000 records, and tested whether they corresponded to real accounts on the service.

It found that most of the first two dozen Yahoo usernames tested did correspond to actual accounts.

However, attempts to contact more than 100 of the addresses in the sample saw many returned as undeliverable with auto-responses reading: "This account has been disabled or discontinued," which might suggest that the data is old.

Brendan Rizzo, technical director at HPE Security, said: "Data has high value to attackers, and even though the information for sale on the black market is several years old, it can still be used for social engineering attacks for spear phishing to attempt to gain access to deeper systems with even more lucrative data that can be monetised directly if stolen."

Earlier this month, Yahoo was sold to US telecoms giant Verizon for nearly $5bn (£3.8bn).

BBC

« IBM’s Watson Takes Aim At CyberSecurity
Does Russia Benefit When Assange Reveals Secrets? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

National Cyber Security Centre Finland (NCSC-FI)

National Cyber Security Centre Finland (NCSC-FI)

The NCSC-FI develops and monitors the operational reliability and security of communications networks and services in Finland.

eco

eco

eco, with more than 950 member organizations, is the largest Internet industry association in Europe.

Huntsman Security

Huntsman Security

Huntsman Security provides technology to enable real-time security monitoring and immediate visibility of advanced threats and compliance issues.

Cybonet

Cybonet

Cybonet provides easy to deploy, flexible and scalable security solutions that empower organizations of all sizes to actively safeguard their networks in the face of today’s evolving threats.

Lacework

Lacework

Lacework brings speed, scale, and automation to cloud security and allows security and DevOps teams to collaborate on keeping data and applications safe.

Torsion Information Security

Torsion Information Security

Torsion is an innovative information security and compliance engine, which runs either in the cloud or your data centre.

Smoothwall

Smoothwall

Smoothwall develop intelligent web filtering, Monitoring and security solutions designed to protect users worldwide.

360 Total Security

360 Total Security

360 company is the largest provider of Internet and mobile security products in China.

Security & Intelligence Agency (SOA) - Croatia

Security & Intelligence Agency (SOA) - Croatia

SOA is the Croatian security and intelligence service. Areas of activity include Cyber Security and Information Security.

OneTrust

OneTrust

OneTrust is the largest and most widely used technology platform to operationalize privacy, security and third-party risk management.

Smart Protection

Smart Protection

Smart Protection are experts in brand and trademark protection - we fight against counterfeits and unauthorized usages of brands with machine learning technology.

Deepnet Security

Deepnet Security

Deepnet Security is a leading security software developer and hardware provider in Multi-Factor Authentication (MFA), Single Sign-On (SSO) and Identity & Access Management (IAM).

Digital Craftsmen Ltd

Digital Craftsmen Ltd

We're ISO27001 & Cyber Essentials Cybersecurity experts, delivering full cloud security and managed services. We take a bespoke approach for each client from hosting, optimising & securing them online

ENSCO

ENSCO

The ENSCO group of companies provides engineering, science and advanced technology solutions that guarantee mission success, safety and security to governments and private industries worldwide.

iManage

iManage

iManage's intelligent, cloud-enabled, secure knowledge work platform enables organizations to uncover and activate the knowledge that exists inside their business.

Bluerydge

Bluerydge

Bluerydge specialises in cyber security and technology, focusing on the delivery of innovative sovereign solutions through trusted, cleared and experienced professionals.