Yahoo is warning users of potentially malicious activity on their accounts between 2015 and 2016, the latest in a string of cybersecurity problems faced by the technology company.
The measure comes two months after the company revealed that data from more than 1bn user accounts had been compromised in August 2013, the largest such breach in history. The number of affected accounts was double the number implicated in a 2014 breach the internet company disclosed in September and blamed on state-sponsored hackers. Yahoo believes that the cookie-forging activity is linked to the same state-sponsored hackers.Read more
Some time around August 2013, hackers penetrated the email system of Yahoo, one of the world’s largest and oldest providers of free email services.
The attackers quietly scooped up the records of more than 1 billion users, including names, birth dates, phone numbers and passwords that were encrypted with an easily broken form of security. The intruders also obtained the security questions and backup email addresses used to reset lost passwords — valuable information for someone trying to break into other accounts owned by the same user, and particularly useful to a hacker seeking to break into government computers around the world.Read more
As any investigator can tell you, it's not just what you knew, but when you knew it. Yahoo admitted that not long after a hack in 2014 some of its employees were aware a state-sponsored hacker had breached its network.
The revelation is sure to cast a larger shadow over Verizon's $4.8 billion deal to acquire the company. Yahoo said that an investigation had uncovered the theft of personal information associated with at least a half billion Yahoo accounts, the biggest data breach in history. The company said at the time that it discovered the massive intrusion after a hacker claimed in August to have snatched 200 million Yahoo usernames and passwords in an earlier hack.Read more
Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by US intelligence officials.
The company complied with a classified US government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the NSA or FBI, said three former employees and a fourth person apprised of the events. Some surveillance experts said this represents the first case to surface of a US Internet company agreeing to an intelligence agency's request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.Read more
Malware authors can be quite creative when it comes to avoiding security researchers, but after almost three decades of malware analysis, there are malware families that manage to surprise infosec professionals once in a while.
Such is the case of a backdoor trojan that Palo Alto Network has detected in two separate cyber-espionage campaigns. While low-quality malware uses IP addresses hardcoded in its source code, top-shelf threats use dynamic domain name generation algorithm in order to hide the real C&C server IP addresses under ever-changing domain names.Read more
At least half a billion Yahoo accounts have been breached by what investigators believe is a nation-sponsored hacking operation.
Attackers probably gained access to a wealth of holders' personal information, including names, e-mail addresses, phone numbers, birth dates, answers to security questions, and cryptographically protected passwords. With at least 500 million accounts included in Yahoo's official statement, the breach is among the biggest ever to hit a single Web property. Yahoo is also in the process of notifying potentially affected account holders of the breach and asking them to promptly change their passwords.Read more
A notorious cybercriminal is advertising 200 million of alleged Yahoo user credentials on the dark web, and the company has said it is “aware” of the hacker’s claims, but has not confirmed nor denied the legitimacy of the data.
The hacker known as Peace, who has previously sold dumps of Myspace and LinkedIn, listed supposed credentials of Yahoo users on The Real Deal marketplace. Peace told that he has been trading the data privately for some time, but only now decided to sell it openly. “We are aware of a claim,” a Yahoo spokesperson told in an email, before the data was made public. The company did not deny that the customer details were Yahoo users.Read more
A strain of French-language cyber espionage malware spotted by security researchers shows that the National Security Agency isn’t the only spook agency brewing custom bad things to steal sensitive and personal data.
The malware was tied to a spying exercise codenamed Operation Snowglobe, which also spawned a seemingly related remote access trojan codenamed EvilBunny. Implants associated with Snowglobe are more advanced than Babar itself, which Canadian spies discovered in November 2009. Babar’s feature set includes keystroke logging, clipboard logging, screenshot snapping and, more unusually, the possibility to log audio conversations held through Skype messenger.Read more
A secret and scrappy court battle that Yahoo launched to resist the NSA’s PRISM spy program came to an end in 2008 after the Feds threatened the internet giant with a massive $250,000 a day fine if it didn’t comply and a court ruled that Yahoo’s arguments for resisting had no merit.
The detail of the threat became public after 1,500 pages worth of documents were unsealed in the case, revealing new information about the aggressive battle the Feds fought to force the company to bow to its demands. Yahoo fought to unseal the case documents to provide better transparency about the government’s data collection programs.Read more
Google’s handling of “right to be forgotten” requests from European citizens will come under fire from the continent’s privacy watchdogs on Thursday, after the search engine restricted the removal of Internet links to European sites only.
European data protection authorities are meeting representatives of Google, Microsoft, which operates the Bing search engine, and Yahoo to discuss the implementation of the landmark ruling from Europe’s top court upholding people’s right to request that outdated links be removed from Internet search results. European Union privacy watchdogs have several concerns on the way the ruling, which has pitted privacy advocates against free speech defenders, is being implemented, particularly by Google, according to a person familiar with the matter.Read more