Share

Yahoo suffers ‘massive’ data breach - report

Hong Kong - Yahoo! is preparing to disclose a “massive” data breach of its main service, Recode reported, just as Verizon Communications prepares to take over the ailing internet company’s core assets.

The break-in was “widespread and serious” and is expected to be disclosed this week, the tech news website said, citing several anonymous sources close to the situation as saying.

Yahoo didn’t respond to phone and e-mailed requests for comment outside of normal business hours.

Such a revelation would confirm earlier reports that the same hacker who’d stolen data from LinkedIn was now selling information from 200 million Yahoo accounts on a dark web marketplace.

The data up for sale included user names, scrambled passwords and birth dates and likely dated from 2012, Motherboard reported in August, citing the cyber-attacker, who went by the name Peace. Yahoo said at the time it was investigating the claim. It’s worth noting, however, that many of the stolen accounts in a sample of data obtained by Motherboard were no longer in use and had been canceled.

The sale of all of the data for just under $2 000 also suggested that the information itself was of little value, either because most of it was obsolete, made-up, or useless because the hackers had already attacked legitimate accounts and exhausted their need for the data.

Whatever the scale of the alleged breach, the incident shows the danger of large datasets spilling into the hacker underground and being used for criminal purposes for years without the breached companies knowing or taking minimal action based on whatever data hackers tell them was taken.

LinkedIn said in May that it was investigating whether a breach of more than 6 million users’ passwords in 2012 was bigger than originally thought, following a hacker’s attempt to sell what was purported to be login codes for 117 million accounts.

The company said that it appeared more data was taken in the initial compromise and that the company was just learning about the larger amount through the hacker’s posting.

Like many Internet companies that have been breached, LinkedIn only reset passwords of everyone it believed was part of the breach at the earlier time, which amounted to 6.5 million users.

It’s unclear what steps, if any, Yahoo has taken since learning about the alleged compromise.

Reports of the security breach come just as Chief Executive Officer Marissa Mayer is about to close a deal that ends the once-dominant internet firm’s independence.

Verizon is acquiring its internet assets for $4.8bn, bringing the web portal together with longtime rival AOL. The telecommunications company will pick up services that still draw 1 billion monthly users, including mail, news and sports content and financial tools.

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
19.00
-0.5%
Rand - Pound
24.02
-0.5%
Rand - Euro
20.51
-0.2%
Rand - Aus dollar
12.35
-0.0%
Rand - Yen
0.13
-0.6%
Platinum
900.15
+0.4%
Palladium
1,000.00
-0.2%
Gold
2,209.06
+0.7%
Silver
24.59
-0.2%
Brent Crude
86.09
-0.2%
Top 40
68,122
+0.7%
All Share
74,310
+0.5%
Resource 10
56,908
+2.2%
Industrial 25
103,615
+0.3%
Financial 15
16,488
-0.2%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders