The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Yahoo Cyber Breach Was Bigger

04 October 2017 | Updated 01 January 1970
 

Yahoo has announced (week ending Oct 6) that it is providing notice to additional user accounts affected by an August 2013 data theft previously disclosed by the company on December 14, 2016.

At that time, Yahoo disclosed that more than one billion of the approximately three billion accounts existing in 2013 had likely been affected. In 2016, Yahoo took action to protect all accounts, including directly notifying users identified at the time, requiring password changes and invalidating unencrypted security questions and answers so that they could not be used to access an account. Yahoo also notified users via a notice on its website.

Subsequent to Yahoo's acquisition by Verizon and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.

While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts.

The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data or bank account information.

The company is continuing to work closely with law enforcement.

"Verizon is committed to the highest standards of accountability and transparency and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats," said Chandra McMahon, Chief Information Security Officer, Verizon. "Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon's experience and resources."

Additional information regarding this issue is available on the Yahoo 2013 Account Security Update FAQs page, https://yahoo.com/security-update.

Yahoo now operates as part of Oath, a subsidiary of Verizon

 

Article written by Brian Shillibeer | Published 04 October 2017

Share



Related Articles

Reported Ransomware Incidents in UK Doubled in 2023

A Freedom of Information request has revealed that there was a resurgence in ransomware-related incidents following a quieter 2022.   In the first six months...

 Read Full Article
Spotlight Interview – Francis West | Security Everywhere

Francis West is CEO of Security Everywhere, a company which helps SMEs to secure their money, data and reputation with managed security services. Francis is a trusted...

 Read Full Article
Interserve Fined £4.4m for Failure to Keep Staff Details Secure

The UK’s IT security watchdog has fined Interserve for breaching data protection law and failing to prevent a cyber attack. The Information Commissioner’s...

 Read Full Article
How to Identify and Address IoT Security Weaknesses

Data-driven facilities management is now the expected norm, but security concerns about IoT systems still remain amongst FMs and tenants. The Internet of Things (IoT)...

 Read Full Article
NHS IT Services Supplier Victim of Ransomware Attack

It has been confirmed that a ransomware attack is causing a major outage for NHS IT systems. Services affected include software used by NHS 111 and other patient notes...

 Read Full Article
Smart Buildings at Increased Risk of Cyber Attacks, Says Verdantix

The operational technology that powers connected devices across building systems is providing more entry points for cyber criminals to exploit, says research and advisory...

 Read Full Article
BESA Tightens Security After Fraud Incident

The Building Engineering Services Association (BESA) says it has carried out a thorough review of the security procedures behind its online training schemes...

 Read Full Article
Critical Log4j Vulnerabilities Affect Real Estate Software

Critical vulnerabilities in open-source software pose potential risks for a wide range of businesses, governments and individuals. Log4shell, the vulnerability...

 Read Full Article
Is Cybersecurity a Home Working Health and Safety Issue?

Bureau Veritas is urging businesses who are remote working to prioritise cybersecurity as a health and safety risk. As Britain looks set to embrace a long-term shift...

 Read Full Article
24% of Planners Say Smart Cities Will be a Security Challenge 

Urban design professionals believe that the use of smart technology in public spaces could pose a security threat. Smart city technology can bring a great many...

 Read Full Article