View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 10, 2016

Yahoo hacked again? Probe launched on data breach claims

It said that a state-sponsored actor was involved in 2014 cyber attack.

By CBR Staff Writer

Yahoo has announced that it is investigating a new claim made by US law enforcement authorities over a new potential breach of its user account data.

The authorities are said to have received the information from a hacker who claimed that it was related to Yahoo.

The company said in a regulatory filing that it is taking the help of forensic experts to analyse and investigate the hacker’s claim that the data is Yahoo user account data.

Yahoo has also updated investors on a massive cyber attack that was revealed in July.

In September, the company disclosed that certain user account information for at least 500 million user accounts was stolen from its network in late 2014.

Also on CBR: Post-breach forensics: How did Yahoo get hacked?

The cyber attack issue came at a time when the company was preparing to sell its core web services to Verizon Communications for approximately $4.83bn in cash.

In the filing, the company said that the user account information was stolen by a state-sponsored actor.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Yahoo said: “The company had identified that a state-sponsored actor had access to the company’s network in late 2014.”

The user account information that was hacked included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

The forensic experts are currently examining certain evidence and activity that indicates an intruder created cookies that could have allowed him to bypass the need for a password to access certain users’ accounts or account information.

However, the firm said that the investigation conducted on the cyber attack indicated that the stolen information did not include unprotected passwords, payment card data, or bank account information.

Yahoo said in the filing: “Payment card data and bank account information are not stored in the system that the investigation found to be affected.

“Based on the investigation to date, we do not have evidence that the state-sponsored actor is currently in or accessing the company’s network.”

The company incurred expenses $1 million related to cyber attack in the quarter ended 30 September 2016.

Regarding the Verizon deal, Yahoo said that it is expected to close in the first quarter of 2017.

Also on CBR: World’s biggest data breach: 6 possible consequences for Yahoo!

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.