Thursday, September 22, 2016 3:06:06 PM
SAN FRANCISCO — Information from at least 500 million Yahoo accounts was stolen from the company in 2014 and the company believes that a state-sponsored actor was behind the hack.
The information may have included names, email addresses, telephone numbers, dates of birth, and, in some cases, encrypted or unencrypted security questions and answers, Yahoo said.
Claims surfaced in early August that a hacker using the name "Peace" was trying to sell the usernames, passwords and dates of birth of Yahoo account users on the dark web — a black market of thousands of secret websites.
Word of the breach is not surprising given the hacker chatter surrounding the company, said Alex Heid, chief research officer at SecurityScorecard, real-time cybersecurity rating and risk monitoring platform.. There have been numerous underground conversations surrounding the tech giant since late June, he said.
The expected confirmation also comes as Yahoo looks to complete its $4.8. billion sale of its core Internet business to media giant Verizon Communications.
Should it prove to be so, and given the unsettled nature of Yahoo's ownership just now, “regulators should be concerned with who will take responsibility for the response to this compromise. It can be easy for the ‘right thing to do’ to slip through the cracks in a multi-billion dollar transition, said Tim Erlin, senior director of IT security and risk strategy at Tripwire, a computer security firm.
Yahoo Chief Executive Officer Marissa Meyer stands to earn as much as $44 million if she leaves the company as part of that deal.
Most consumers might not think there’s much in their Yahoo account that would be of use to hackers, which typically might only include only their email and Yahoo password. However that simple duo offers multiple users for ingenious hackers bent on extracting the maximum value from information, say experts.
First, the password. According to a Gartner survey, 50% of users reuse their passwords across multiple platforms. So armed with an email address and Yahoo password, hackers might be able to gain access to multiple accounts.
The technique is called “credential stuffing” and it’s become epidemic over the last year and a half, said Avivah Litan, a vice president and analyst at Gartner Research.
“The bad guys get lists of user IDs and password and then test them, they run through them at all the sites they want to attack to see where they work,” she says.
Once hackers gain access to other accounts, they are able to assemble dossiers on individuals. These are called “fullz” and include as much information as the hacking group has about a person, assembled from multiple sources over time. Typically they contain the person’s name, Social Security number, birth date, address, birthday, account numbers and other data.
"There are fullz available probably for most of the U.S. population,” said Litan.
The attackers don’t only use that information to go after bank accounts and credit cards, but also less obvious and harder to track information that is still worth money on the black market.
That can include loyalty points at hotel chains and airlines, avatars and points from online games, stored value in coffee cards. Once accessed, all of these can be siphoned off, bundled and then resold.
“They’ve gone low, slow and distributed. You used to be able to see these attacks coming through really quickly after a breach,” said Litan. Instead organized crime groups take their time, harvesting points and value.
“It’s very lucrative,” said Litan.
Recent VZ News
- Verizon Business takes home top honors for its NHL broadcasting innovation at IBC2024 • GlobeNewswire Inc. • 09/19/2024 01:00:00 PM
- Verizon Business partners with Monumental Sports & Entertainment to maintain its best-in-class, tech-forward leadership at Capital One Arena • GlobeNewswire Inc. • 09/17/2024 06:00:00 PM
- Verizon transforms student learning this school year: new innovation labs, STEM workshops and AR app • GlobeNewswire Inc. • 09/17/2024 01:00:00 PM
- Grain Management Welcomes Steven Smith as a Managing Director • PR Newswire (US) • 09/17/2024 12:30:00 PM
- Verizon Frontline survey: Network reliability, 5G, cybersecurity, top of mind for first responders • GlobeNewswire Inc. • 09/17/2024 12:00:00 PM
- Form 424B2 - Prospectus [Rule 424(b)(2)] • Edgar (US Regulatory) • 09/16/2024 07:41:01 PM
- Form 424B2 - Prospectus [Rule 424(b)(2)] • Edgar (US Regulatory) • 09/16/2024 06:49:04 PM
- Verizon donates $25,000 to support wildfire relief efforts in Southern California • GlobeNewswire Inc. • 09/16/2024 03:00:00 PM
- Form 4 - Statement of changes in beneficial ownership of securities • Edgar (US Regulatory) • 09/16/2024 12:02:29 PM
- Form 4 - Statement of changes in beneficial ownership of securities • Edgar (US Regulatory) • 09/16/2024 12:02:07 PM
- Form 4 - Statement of changes in beneficial ownership of securities • Edgar (US Regulatory) • 09/16/2024 12:01:47 PM
- Form 4 - Statement of changes in beneficial ownership of securities • Edgar (US Regulatory) • 09/16/2024 12:01:27 PM
- Form 4 - Statement of changes in beneficial ownership of securities • Edgar (US Regulatory) • 09/16/2024 12:01:07 PM
- Form 4 - Statement of changes in beneficial ownership of securities • Edgar (US Regulatory) • 09/16/2024 12:00:46 PM
- Form 4 - Statement of changes in beneficial ownership of securities • Edgar (US Regulatory) • 09/16/2024 12:00:25 PM
- Form 4 - Statement of changes in beneficial ownership of securities • Edgar (US Regulatory) • 09/16/2024 12:00:03 PM
- Verizon Business’ award-winning Innovation Sessions head back to the nation’s capital • GlobeNewswire Inc. • 09/13/2024 05:00:00 PM
- Verizon expands 4G, 5G coverage in Savannah, GA • GlobeNewswire Inc. • 09/13/2024 01:00:00 PM
- OpenAI Unveils Strawberry AI Model Series; Boeing Stock Falls 4% Amid Strike; HR Surges 20% on Growth Forecast • IH Market News • 09/13/2024 10:12:55 AM
- Verizon Frontline, Milwaukee PD partner to help ensure public safety during major political event • GlobeNewswire Inc. • 09/12/2024 04:00:00 PM
- Verizon Frontline supports public safety agencies during national political convention • GlobeNewswire Inc. • 09/12/2024 04:00:00 PM
- Form 8-K - Current report • Edgar (US Regulatory) • 09/12/2024 02:00:32 PM
- Verizon Business to showcase 5G’s role in transforming content creation and distribution at IBC2024 • GlobeNewswire Inc. • 09/12/2024 01:00:00 PM
- Form 424B2 - Prospectus [Rule 424(b)(2)] • Edgar (US Regulatory) • 09/10/2024 07:02:37 PM
- Verizon Frontline strengthens its First Responder Advisory Council with newest member • GlobeNewswire Inc. • 09/10/2024 01:00:00 PM
VHAI - Vocodia Partners with Leading Political Super PACs to Revolutionize Fundraising Efforts • VHAI • Sep 19, 2024 11:48 AM
Dear Cashmere Group Holding Co. AKA Swifty Global Signs Binding Letter of Intent to be Acquired by Signing Day Sports • DRCR • Sep 19, 2024 10:26 AM
HealthLynked Launches Virtual Urgent Care Through Partnership with Lyric Health. • HLYK • Sep 19, 2024 8:00 AM
Element79 Gold Corp. Appoints Kevin Arias as Advisor to the Board of Directors, Strengthening Strategic Leadership • ELMGF • Sep 18, 2024 10:29 AM
Mawson Finland Limited Further Expands the Known Mineralized Zones at Rajapalot: Palokas step-out drills 7 metres @ 9.1 g/t gold & 706 ppm cobalt • MFL • Sep 17, 2024 9:02 AM
PickleJar Announces Integration With OptCulture to Deliver Holistic Fan Experiences at Venue Point of Sale • PKLE • Sep 17, 2024 8:00 AM