Hardly a day goes by without headlines about a significant data breach. In the past year, billions of accounts from popular sites and services, including LinkedIn, Tumblr, MySpace, Last.FM, Yahoo!, and VK.com, were exposed on the Internet.
Now login credentials and other personal data linked to more than one million Yahoo and Gmail accounts are reportedly being offered for sale on the dark web marketplace. The online accounts listed for sale on the Dark Web allegedly contain usernames, emails, and plaintext passwords. The accounts are not from a single data breach; instead, several major cyber-attacks are believed to have been behind it.
Yahoo CEO Marissa Mayer said she'll forego her 2016 bonus and any stock award for this year after the company admitted it failed to properly investigate hack attacks that compromised more than a billion user accounts.
"When I learned in September 2016 that a large number of our user database files had been stolen, I worked with the team to disclose the incident to users, regulators, and government agencies," she wrote in a note published Monday on Tumblr. Her note came as Yahoo for the first time said that outside investigators identified about 32 million accounts for which forged browser cookies were used or taken in 2015 and 2016.
Yahoo is warning users of potentially malicious activity on their accounts between 2015 and 2016, the latest in a string of cybersecurity problems faced by the technology company.
The measure comes two months after the company revealed that data from more than 1bn user accounts had been compromised in August 2013, the largest such breach in history. The number of affected accounts was double the number implicated in a 2014 breach the internet company disclosed in September and blamed on state-sponsored hackers. Yahoo believes that the cookie-forging activity is linked to the same state-sponsored hackers.
Some time around August 2013, hackers penetrated the email system of Yahoo, one of the world’s largest and oldest providers of free email services.
The attackers quietly scooped up the records of more than 1 billion users, including names, birth dates, phone numbers and passwords that were encrypted with an easily broken form of security. The intruders also obtained the security questions and backup email addresses used to reset lost passwords — valuable information for someone trying to break into other accounts owned by the same user, and particularly useful to a hacker seeking to break into government computers around the world.
Yahoo today disclosed another mega breach of its systems, this one occurring in August 2013 and resulting in the loss of data associated with more than one billion user accounts. Today’s revelation comes less than three months after Yahoo admitted state-sponsored hackers walked off in 2014 with data from 500 million accounts.
Yahoo chief information officer Bob Lord said in a statement that the two incidents are separate from each other, but some of the activity has been connected to the same state actor Yahoo said was responsible for the 2014 intrusion. “We have not been able to identify the intrusion associated with this theft,” Lord said.
Yahoo has patched a critical security vulnerability in its Mail service that could have allowed an attacker to spy on any Yahoo user's inbox. Jouko Pynnönen, a Finnish security researcher from security firm Klikki Oy, reported a DOM-based persistent XSS in Yahoo Mail, which, if exploited, allows an attacker to send emails embedded with malicious code.
In his blog post published today, the researcher demonstrated how a malicious attacker could have sent the victim's inbox to an external site, and created a virus that attached itself to all outgoing emails by secretly adding a malicious script to message signatures.
As any investigator can tell you, it's not just what you knew, but when you knew it. Yahoo admitted that not long after a hack in 2014 some of its employees were aware a state-sponsored hacker had breached its network.
The revelation is sure to cast a larger shadow over Verizon's $4.8 billion deal to acquire the company. Yahoo said that an investigation had uncovered the theft of personal information associated with at least a half billion Yahoo accounts, the biggest data breach in history. The company said at the time that it discovered the massive intrusion after a hacker claimed in August to have snatched 200 million Yahoo usernames and passwords in an earlier hack.
Web giant Yahoo has filed a patent application for the ultimate ad-targeting system: a billboard that uses sensors to watch, listen and capture biometric data from the passing public.
Yahoo, still in damage control from this week's claims that it helped the government spy on its email users, has filed a patent for smart technology that brings online ad-targeting capabilities to public billboards. The billboards would have cameras, microphones, motion-proximity sensors, and biometric sensors, such as fingerprint or retinal scanning, or facial recognition, according to the patent, which was filed last year but published on Thursday.
Someone in mid-2015 had installed software that scanned emails containing a string of characters, just as a nation state hacker might if they sought specific information without having to go through each message manually.
It turned out, though, that unlike a recently-revealed 2014 attack, a foreign state was not to blame. Instead, Yahoo executives helped the US government install a tool that would scan every email for that string, still unknown outside of those who carried out the surveillance project. CEO Marissa Mayer and her lawyers decided not to tell the Yahoo security team, a group called the Paranoids well-known for its dislike of invasive state surveillance.
Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by US intelligence officials.
The company complied with a classified US government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the NSA or FBI, said three former employees and a fourth person apprised of the events. Some surveillance experts said this represents the first case to surface of a US Internet company agreeing to an intelligence agency's request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.