Yahoo admits one billion accounts exposed in a newly discovered data breach

The tech giant Yahoo admitted crooks have probably stolen details from more than a billion user accounts, and the incident is not linked to previous ones.

Bad news for Yahoo!, the company admitted crooks have probably stolen details from more than a billion user accounts. In 2013, hackers broke into the systems of Yahoo and accessed one billion user accounts containing names, addresses, phone numbers, and hashed passwords easy to crack. The passwords were protected with MD5 hashing algorithm that is easy to crack, the leaked data also include some encrypted and cleartext security questions and answers have been compromised too.

The company is urging its customers to reset their passwords.

According to the Yahoo CISO, Bob Lord, data is genuine and this discovery is not linked to past data breaches. The company dates the incident back in August 2013 and blames an unauthorised third party that it hasn’t identified.

“We analysed this (stolen) data with the assistance of outside forensic experts and found that it appears to be Yahoo user! data,” Lord says.

“Based on further analysis of this data by the forensic experts, we believe an unauthorised third party, in August 2013, stole data associated with more than one billion user accounts.

“We have not been able to identify the intrusion associated with this theft. “

The incident is alarming if we also consider past breaches alleged suffered by the Tech Giant.

“The number of affected accounts was double the number implicated in a 2014 breach that the internet company disclosed in September and blamed on hackers working on behalf of a government. News of that attack, which affected at least 500 million accounts, prompted Verizon Communication Inc to say in October that it might withdraw from an agreement to buy Yahoo’s core internet business for $4.83 billion.” reported the Reuters.

It seems that no financial data was exposed in the incident, anyway we have to consider that Yahoo users are not exposed to a great potential risk of attacks such as identity theft. Crooks can exploit stolen data to target users with social engineering attacks and launch spear phishing campaigns.

Of course, the news will have a significant impact on the acquisition of the company by Verizon because the hackers have stolen the main asset of the tech giant, the data. Analysts speculate a possible interference with the announced $4.8 billion sale of the company to Verizon.

“we will review the impact of this new development before reaching any final conclusions.” commented Verizon.

A Yahoo spokesman told Reuters that the company has been in communication with Verizon during its investigation, he is confident the data breach will not affect the acquisition.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – 1 Billion Yahoo accounts, hacking)