Canadian ‘hacker-for-hire’ pleads guilty to Yahoo breach


During the second half of 2016, Yahoo! reported two major data breaches perpetrated by hackers.

In September 2016, the company said that at least 500 million of its accounts were hacked in 2014 by what it believed was a state-sponsored actor, a theft that appeared to be the world’s biggest known cyber breach by far. 

Cyber thieves may have stolen names, email addresses, telephone numbers, dates of birth and encrypted passwords, the company said. 

But unprotected passwords, payment card data and bank account information did not appear to have been compromised, signaling that some of the most valuable user data was not taken. 

In December 2016, it was learned that an even bigger breach took place in August 2013.

The company admitted last month that all three billion of Yahoo!’s users were affected by the 2013 data theft, which the company originally said had affected only 1 billion users.

The additional two billion data theft victims came to light as Yahoo! was being integrated with Verizon, which bought the company in June for $4.5 billion.

‘During integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft,’ the company said in a statement posted on its website. 

The investigation found that the stolen user account information did not include passwords in clear text, payment card data, or bank account information.

‘While this is not a new security issue, Yahoo! is sending email notifications to the additional affected user accounts,’ the firm said.

‘The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information.’

The company said it ‘is continuing to work closely with law enforcement’.

Yahoo! said it would send email notifications to the additional affected user accounts.

‘Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,’ said Chandra McMahon, Chief Information Security Officer, Verizon. 

‘Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.’ 

‘Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry,’ Yahoo! said in a statement at the time of the attacks.

Source: Reuters