Wednesday, December 28, 2016 by D. Samuelson
A second security hack in the personal business of over one billion users of Yahoo doesn’t seem to bother an unnamed Yahoo spokesperson, reports the Wall Street Journal, who says he remains “confident in [Yahoo’s] value,” as they continue work on selling Yahoo’s $4.83 billion dollar “core internet business” to Verizon. That deal is still expected to close in the first quarter of 2017. It might, however, bother a few of those billion people who have shared even more billions of bits and bytes of data through their Yahoo.com email addresses.
This isn’t the first time Yahoo information has been hacked, according to Cnet.com. In 2014, Yahoo had already experienced what was dubbed the “worst hack ever.” In this event, 500 million email accounts, along with passwords (some encrypted), birthdays, some security questions with answers and phone numbers were stolen. Yahoo had blamed that attack on a “state sponsored actor,” though no details have been forthcoming. This new information concerning the successful hack of one billion accounts, however, took place in 2013, even before the 500 million breach was revealed.
As reported by Wired, forged cookies were used in both hacks, and the two events could be very closely related. Jeremiah Grossman worked for Yahoo as an information officer in the early 2000s. Now he works for Sentinel One as the chief of security strategy. He says that details that have become available via Yahoo indicate that “there’s confusion, there’s frustration, and there isn’t a lot of support for the security team.” Wired also reminds us that the internet is used by three billion people. To have one-third of all internet users hacked is quite a statement of vulnerability.
Yahoo keeps its financial data stored in separate systems, so the good news is that no bank account or credit card numbers were victim to the cyber attack. The Wall Street Journal reminds Yahoo users to “review all of their online accounts.” Security questions and answers, along with passwords, especially if they are similar to the ones used at Yahoo, should be immediately changed. As always, Yahoo warns users against downloading or opening any attachment or email that looks suspicious,. In the meantime, Verizon may do their best to negotiate a slightly lower price on what could be considered a tarnished asset.