Yahoo announced today it is providing notice to its users’ affected by data theft in August that was previously disclosed by the company.
The web service provider revealed 3 billion accounts existing since 2013 had likely been affected by stolen data.
As well as notifying users on its website, Yahoo took action to protect all its accounts in 2016 by notifying impacted users, requiring password changes and invalidating unencrypted security questions and answers.
Following Yahoo’s acquisition by Verizon, the company recently obtained new intelligence.
‘An evolving landscape of online threats’
Chandra McMahon, chief information security officer at Verizon, said: “Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats.
“Our investment in Yahoo is allowing the team to continue taking significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”
The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information.
Ilia Kolochenko, CEO of High-Tech Bridge, added: “Taking into consideration the integrity of Yahoo user accounts one can reasonably infer that Yahoo ignored the fundamental principles of access segregation, continuous security monitoring and related security processes.
‘Cyber security is pivotal for digital businesses’
“Therefore, it’s a bit hard to believe that the sensitive information related to these accounts remained safe.
“Moreover, even hashed passwords can be brute forced and then leveraged by attackers. Information like date of births or answers to secret questions can be a universal door opener for cyber criminals.
“Yahoo has learned a very hard lesson and served an example to others that cyber security is pivotal for digital business.”
The company is continuing to work closely with law enforcement.
Written from press release by Leah Alger