Yahoo suffered the biggest data breach of the history when more than 1 billion user accounts were affected. This data breach is different that previous data theft that affected 500 million accounts. This newly disclosed data breach occurred back in August 2013.
The most disappointing part of the incident is that the company has not been able to determine how the data from the one Billion accounts was stolen.
We have not been able to identify the intrusion associated with this theft,” Lord, Yahoo’s chief information security officer, wrote in a post announcing the hack.
The stolen data included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.
Yahoo was alerted to this breach by law enforcement and they tried to investigate the matter with the help of outside forensic experts. While the leaked data didn’t include payment details of plain text passwords, it is still a bad news as the company was using MD5. MD5 hashing algorithm is not considered secure and is easy to crack.
Yahoo says that the company is notifying the users and will force all users to change the password.
Not just this massive data breach, its proprietary code had also been accessed by a hacker. Hacker used the code to forge cookies that could be used to access accounts without a password.
Yahoo confirmed that they have invalidated the forged cookie. Lord also said that it could be the state-sponsored attack.
Today’s revelation again shows the long security problem of Yahoo. Yahoo allowed the intrusion that led to the theft of data from 500 million in 2014. Now, we have information of the massive data breach affecting 1 million users.
This new disclosure could affect Verizon’s $4.83 billion acquisition of Yahoo’s core internet business. Verizon already said that it would consider the 2014 breach to change the deal terms. Now, Verizon has another reason to revise the pricing.
There have been many data breaches in the past, but Yahoo is at the top 2 places with 1 billion and 500 million account details affected. And the third largest data breach affected only 130 million.
See how a big internet company like Yahoo was unable to protect its users. It is disappointing. Now I am happy that I stopped using yahoo’s services long back.
