 |
| FLICKR |
Yahoo says "state-sponsored" hackers stole information from about 500 million users in what appears to be the largest publicly disclosed cyber-breach in history.
The breach included swathes of personal information, including names and emails, as well as “unencrypted security questions and answers”.
The hack took place in 2014 but has only now been made public.
The FBI has confirmed it is investigating the claims.
Stolen data includes names, email addresses, telephone numbers, dates of birth and encrypted passwords, but not credit card data, Yahoo said.
It said the information was "stolen by what we believe is a state-sponsored actor" but did not say which country it held responsible.
Password change urged
News of a possible major attack on the technology firm emerged in August when a hacker known as "Peace" was apparently attempting to sell information on 200 million Yahoo accounts.
On Thursday, Yahoo confirmed the breach was far bigger than first thought.
Yahoo is recommending all users should change their passwords if they have not done so since 2014.
In the UK, ISPs Sky and BT issued warnings for customers that they may be affected by the breach as Yahoo provides email services for both ISPs. Sky advised all its customers to change their passwords as Yahoo is behind all Sky.com email accounts.
BT said it was carrying out its own investigation but advised the "minority" of its customers who use Yahoo mail to change their passwords.
In July, Yahoo was sold to US telecoms giant Verizon for $4.8bn (£3.7bn).
Verizon told the BBC it had learned of the hack "within the last two days" and said it had "limited information".
It added: "Until then, we are not in position to further comment."
Yahoo said in a statement: "Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry."
Reuters reported three unnamed US intelligence officials as saying they believed the attack was state-sponsored because it was similar to previous hacks linked to Russian intelligence agencies.
Nikki Parker, vice-president at security company Covata, said: "Yahoo is likely to come under intense scrutiny from regulators, the media and public and rightly so. Corporations can't shy away from data breaches and they must hold their hands up and show that they are committed to resolving the problem."
She added: "Let's hope the ink is dry on the contract with Verizon."
Top 10 previous breaches
- MySpace accounts - 359m
- LinkedIn accounts - 164m
- Adobe accounts - 152m
- Badoo accounts - 112m
- VK accounts - 93m
- Dropbox accounts - 68m
- tumblr accounts - 65m
- iMesh accounts - 49m
- Fling accounts - 40m
- Last.fm accounts - 37m
Source - haveibeenpwned.com
Questions are being asked about the length of time it took Yahoo to fully acknowledge the breach.
"It is really worrying that a breach from 2014 can have gone undetected for so long," said Prof Alan Woodward from the University of Surrey.
"It is also surprising the public statement took so long to appear."
"I would have thought most companies had learned by now that early disclosure is better, even if you have to revise and update as you learn more."
The scale of the hack eclipses other recent, major tech breaches - such as MySpace (359 million), LinkedIn (164 million) and Adobe (152 million).
0 comments:
Post a Comment