Stratospheric at Yahoo Hack: more than a billion of accounts affected
Yahoo feared to have suffered, in 2013, a massive flight data unrelated to piracy announced in September and the extent of which was already noticeable.
Record broken for Yahoo .
The Internet group was convinced to have suffered in the summer of 2013, a hacker who exposed the information associated with more than one billion accounts of users.
The results of the survey conducted with computer security experts, the incident is “probably unconnected” with the massive data theft * formalized end of September … and whose balance sheet was already unprecedented (at least 500 million accounts).
These conclusions are based on analysis of information sent last month by security forces, who themselves had received from a “third person”.
The list includes names, phone numbers, birth dates, email addresses, words from past encrypted with MD5 (more vulnerable than bcrypt that Yahoo was just beginning to develop in the summer 2013) and, “in some cases, safety issues [to reset the password, note], we not encrypted.” However, no payment data and banking information, “stored elsewhere.”
The affected users are prompted to change their password. Any security issues that they had identified were removed if they were not encrypted.
Yahoo took the opportunity to provide some additional details about the hack announced in September.
The latest quarterly report of the company was mention of a “controlled by a State ‘agent and would have created such cookies to access recurrently certain data without having to identify themselves.
This track is confirmed. The agent would be able to access proprietary code and so to understand how to design cookies … said he would also recently reused.
* Yahoo retained as such, charges a million dollars on its accounts for the 3 th quarter. The firm is particularly concerned that the episode would call into question the agreement to $ 4.8 billion signed in late July with Verizon, which has acquired its main activities in Web services.