The Latest in IT Security

Yahoo breaches – what were the signs?

22
Dec
2016
Yahoo breaches – what were the signs?

yahoo-data-breach_converted

Yahoo breaches have become similar to Adobe Flash patches – one seems to hear about them endlessly. The company strives to explain and investigate. Yet there is even more to add to the damage report as time goes by.

On top of this, cyber scammers and cyber-attackers may well take advantage of the user’s panic to launch new attacks. As USA Today warns, there might be incidents of malicious emails masquerading as Yahoo. Once users click on the enclosed link, or access the attachment, it’s malware party from there on.

Therefore, protect yourselves. Furthermore, keep informed. We will review the main Yahoo breach moments in our following article.

Incidents history and impact

From what the company disclosed, there were two different data breaches. One took place in 2013, the other one in 2014. Yahoo disclosed both incidents in 2016, right after the Verizon deal. There were quite some debates on the exact moment Yahoo became aware of the breaches, and the role played by this in the entire process of acquisition. Perhaps the moment of realization considerably preceded the public announcement, perhaps not. According to WSJ and other sources, Marisa Mayer knew about the breach since July 2016, but withheld it from the investors, regulators and Verizon representatives.

Whatever the case, the announcements shocked the industry, due to the fact that the target-company has quite a renown. The high number of users, the fact that not long ago Yahoo was the main connectivity tool, the way that Facebook, Twitter or Skype are nowadays, all these increased the impact.

Yahoo breaches in figures

Let’s review a few numbers. The data breach from 2014 affected over 500 million user accounts. The one reported later, that took place in 2013, affected over 1 billion user accounts. The stolen data comprised personal identifiable information (PII), including telephone numbers and email addresses.

Verizon agreed to buy Yahoo for $4.8 million in July 2016. They claim to have received information about the first data breach, dating back to 2014, only 2 days prior to the public disclosure. The company has issued no public statement following the news regarding the 2014 cyber incident. In October there was a mention about going on with the initial deal, but reviewing some of its terms.

Following the December 2016 disclosure of the second data breach (chronologically, the first one that took place, in 2013), Yahoo “came under renewed scrutiny by federal investigators and lawmakers”. As Fortune mentioned, the shares fell by more that 6 percent. Verizon is now looking for major concessions in what the initial deal with Yahoo is concerned. They issued a brief statement in which they spoke of a review of the final impact “before reaching any final conclusions”.

As you can see, we are again faced with large-scale effects that sprung from the two the cyber-security incidents in this case.

What happened to the stolen data?

It seems like the 2014 incident became public at the moment when the stolen data reached the Darknet market. About 200 million accounts for sale appeared in July 2016. The seller, nicknamed “Peace” (or, even more ironical, “Peace of Mind”), gave a couple of confidential interviews to the Vice and Wired publications. Further details and alternative theories on the entities that orchestrated the attack are available online. They range from state-sponsored actors and nation-state heist authors to dismissal of such hypotheses. We are dealing with a lot of speculation for now, since there is not an official investigation result yet released.

When searching for the interviews, we also found this Wired feature from 9 June. It predates the Yahoo breach awareness moment. The hacker speaks of the LinkedIn data breach from 2012 and the MySpace data theft from 2013.

Here you can access the Vice piece on Peace released in August 2016. They quote the cyber-criminal, although it cannot be considered an interview per se.

Specialists analyzed the incident and concluded that professional hackers were behind it. The stolen information is likely to be “exploited for espionage and information warfare“.

Other researchers explained how they have flagged Yahoo as “cryptographically broken and unsuitable for further use” for years. They also detailed the way security questions’ stolen answers could be used in further cyber-attacks. The former Yahoo users might find out that the same cyber intruders use this data to breach some of their other online accounts.

What were the signs pointing to the Yahoo breaches?

From a user’s point of view, the signs may have consisted in noticeable irregularities. From let’s say, an irregularly high amount of spam messages to not being able to access the account, any abnormality could count as a sign that something is wrong.

Once the malicious activities managed to alert at least some Yahoo officials, the prompting for password exchange activities probably began. Each of us who owned at least one Yahoo account can go back and remember the frequency they requested users to confirm their accounts, secure them, change the password and so on.

There were discussions on online forums on how Yahoo did not accept just any new password. People were annoyed by the amount of time spent setting up new passwords, and introducing their phone number and/or other email address when asked for.

This unusual activity and its repetitive character clearly pointed out that something wrong was going on, cyber-security wise. We can only hope that at least the first security reinforcement measures were issued by the company itself. Or was it the hackers, throwing their net to catch even more data that did not come with the initial accounts? Due to the unsatisfactory attitude of the Yahoo people, such details are not yet clear. You can read here more about the method allegedly used by hackers to break into the accounts.

Nevertheless, when almost 3 years have gone by now, it is perhaps hard to remember just how the intrusion felt on the users’ side. Can you remember any unusual Yahoo account-related interactions dating back to 2013?

Leave a reply


Categories

SATURDAY, MARCH 25, 2017

Featured

Archives

Latest Comments

Social Networks