Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Yahoo Revises Massive Data Breach Impact from 1B to 3B Users

    By
    Sean Michael Kerner
    -
    October 3, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Yahoo Data Breach 2

      On Oct. 3, Yahoo now part of Verizon’s Oath business unit, publicly disclosed that all of its users were impacted by a data breach in August 2013. Oath estimates that information on three billion users was stolen by attackers in the breach.

      The three billion figure for the data beach is a dramatic increase from the initial figures provided by Yahoo when the breach was first revealed. In December 2016, Yahoo publicly reported that the breach occurred in August 2013 impacting one billion users.

      “Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft,” the company stated.

      Verizon completed its acquisition of Yahoo on June 13, in a deal valued at $4.5 billion. After the close, Verizon integrated Yahoo along with AOL into the new Oath business unit. 

      “Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” Chandra McMahon, Chief Information Security Officer at Verizon stated. “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”

      After the December 2016 disclosure of the August 2013 breach, Yahoo took several actions to help mitigate risk. Those actions includes forcing users that had not updated passwords since August 2013 to do so. Additionally Yahoo invalidated unencrypted security questions, to help prevent attacks.

      The new disclosure that all of Yahoo’s users were impacted by the August 2013 breach, follows years of speculation about multiple breaches at the company with varying impact. In September 2016, Yahoo first officially confirmed that it was the victim of a data breach that occurred in 2014 impacting 500 million users. Yahoo in the past had stated that the 2013 and 2014 breaches were separate incidents.

      Security experts contacted by eWEEK were not entirely surprised by the new disclosure that all of Yahoo’s three billion users were breached.

      “This is certainly not a surprise,” Peter Tran, General Manager and Senior Director at RSA Security told eWEEK. ” Any breach at this scale is highly sophisticated and complex as hackers and cyber-criminals tend to have well established beach heads in advance to move freely undetected for command and control of user account/credentials.”

      Tran added that it’s only when the blind spots are uncovered as part of a breach response effort, that the full impact is discovered.

      Chris Roberts, Chief Security Architect at Acalvio also isn’t surprised about the new Yahoo hack disclosure. “Frankly, this isn’t a surprise given how well they were violated,” Roberts told eWEEK. “It is a surprise that they took so long to work it out.”

      While Yahoo has already taken steps to protect users, there are multiple additional best practices users can taken to help limit risk from any breach of user information. Tran suggests that Yahoo users reset passwords and follow guidelines for recommended length and complexity.  He also recommends the use of two-factor authentication. 

      Roberts suggests that users have unique passwords for all their accounts and change those passwords regularly. Nathan Wenzler, Chief Security Strategist at AsTech Consulting echoed Roberts recommendation on passwords and noted that not reusing passwords helps to prevent a data breach at one site resulting in the attackers ability to log in everywhere else a user password works and cause even more damage to finances and personal information. 

      “Additionally, as we are still reeling from the effects of the recent Equifax breach, consumers should be freezing their credit records with all three credit bureaus to minimize the potential for financial losses,” Wenzler told eWEEK. “While the type of data in the Yahoo breach isn’t necessarily financial information, it could easily be used to help create an identity for an attacker to support their attempts to use data stolen from Equifax or other places to apply for new loans, open new credit card accounts and perform other fraudulent activities.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×