Shocking details of Yahoo hacking revealed: It seems Yahoo has lost count of how many of its user accounts were compromised, as hackers managed to get details of more than 1 billion user accounts. That's double the number affected by a hack revealed by the company in September 2016. According to Yahoo, the stolen data included users' names, email addresses, telephone numbers, dates of birth, and encrypted passwords. Those passwords are scrambled up with an encryption tool called MD5, which experts say is possible to crack with some patience. The data also included some security questions and answers, some of which weren't encrypted.
The stolen data is believed to include information for over 150,000 US government and military employees, according to Bloomberg. These include former White House staff, congressmen and their aides, FBI agents, officials at the National Security Agency, the Central Intelligence Agency, the Office of the Director of National Intelligence, and each branch of the US military.
This enormous data breach apparently happened in 2013. Yahoo had earlier announced a separate data breach in September this year, in which hackers in 2014 swiped user information from half a billion accounts; it was said to be the biggest cybersecurity breach ever.
Meanwhile, security researcher Jouko Pynnönen reported a serious flaw in Yahoo! Mail via bug-bounty organizers HackerOne and bagged $10k. The flaw could have been exploited by crooks to read victims' messages. Fixed in production late last month, it could be exploited simply by tricking a target into opening a booby-trapped mail. The same vulnerability could also be abused to spread malware, as a blog post by Pynnönen explains: "The flaw allowed an attacker to read a victim's email or create a virus infecting Yahoo Mail accounts, among other things. The attack required the victim to view an email sent by the attacker. No further interaction (such as clicking on a link or opening an attachment) was required."
Andrew Komarov, who was working with InfoArmor, saw an Eastern European hacker group sell the Yahoo database three times, and he intercepted the database and notified the government, the Daily Mail reports. In the meantime, Yahoo's chief information security officer Bob Lord says that the company hasn't been able to determine how the data from the one billion accounts was stolen. 'Yahoo badly screwed up,' Bruce Schneier, a cryptologist and one of the world's most respected security experts, said after the internet company's latest disclosure.