Yahoo data breaches
In 2013 and 2014, Yahoo, an American web services company, experienced two of the largest data breaches in history—yet despite being aware, the company did not disclose them publicly until September 2016.
The 2013 data breach occurred on Yahoo servers in August 2013 and affected all three billion user accounts. The 2014 breach affected over 500 million user accounts. Both breaches are considered the largest ever discovered and included names, email addresses, phone numbers, birth dates, and security questions—both encrypted and unencrypted. When Yahoo made the breaches public in 2016, they acknowledged being aware of the second intrusion since 2014.
These incidents led to the indictment of four individuals linked to the latter breach, including the Canadian hacker Karim Baratov, who received a five-year prison sentence, and also prompted widespread criticism of Yahoo for its delayed response. The fallout included a U.S. $117.5 million class-action lawsuit settlement, a $35 million fine from the U.S. Securities and Exchange Commission, scrutiny by the United States Congress, and complications for Verizon Communications' 2017 acquisition of Yahoo.
The first data breach occurred on Yahoo servers in August 2013 and affected all three billion user accounts. Yahoo announced the breach on December 14, 2016. Marissa Mayer, who was CEO of Yahoo at the time of the breach, testified before Congress in 2017 that Yahoo had been unable to determine who perpetrated the 2013 breach.
A year after Yahoo was identified by the American whistleblower Edward Snowden as a frequent target for state-sponsored hackers in 2013, the company hired a dedicated chief information security officer, Alex Stamos. While Stamos' hiring was praised by technology experts as showing Yahoo's commitment towards better security, Yahoo CEO Marissa Mayer had reportedly denied Stamos and his security team sufficient funds to implement the security measures they recommended, and he departed the company by 2015.
During November or December 2014, a hacker, believed by the U.S. Justice Department to be the Russian national Alexey Belan, copied a November 2014 backup of Yahoo's User Account Database, containing details of over 500 million accounts, to a computer under his control. The User Account Database included data from over 500 million user accounts, including account names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers through manipulated web cookies. The majority of Yahoo's passwords used the bcrypt hashing algorithm, which is considered difficult to crack, with the rest potentially using older algorithms such as the MD5 algorithm, which could be broken rather quickly.
From October 2014 to at least November 2016, Belan and at least two hackers connected to him accessed user account information and contents for various unlawful actions including searching emails for gift voucher codes, deliberately targeting the accounts of persons of interest, improving the search ranking of businesses they had an interest in, and using the Yahoo data to breach accounts on other platforms such as Gmail. As part of this process, the hackers enlisted Canadian hacker Karim Baratov to break into accounts on other platforms.
In June 2016, it was reported that account names and passwords for about 200 million Yahoo accounts were presented for sale on the darknet market site TheRealDeal. Yahoo stated it was aware of the data and was evaluating it, and cautioned users about the situation, but did not reset account passwords at that time.
