Yahoo said on Thursday night that about 500 million of its users were exposed to a cyber attack that occurred two years ago, in 2014, and that some of their information has been stolen by those responsible for this attack. The breach of confidentiality, in what the BBC claims to be the largest cyber attack some day publicly disclosed, included the theft of personal information of users, such as names and e-mail as well as “questions and answers, security, non-encrypted,” the company said, referring to the fact that it seems to have been “sponsored by a State” but without further details.
The multinational cyber, which in July was acquired by the giant telecommunications Verizon for 4.8 billion dollars (4.3 billion euros), ensures that the data of the credit cards of its customers were not stolen. The FBI has confirmed it is investigating the cyber attack.
In may, a young hacker Russian gabara in a forum to have stolen the information from the emails and passwords of 272 million internet accounts, including users of Yahoo Mail in addition to Hotmail from Microsoft and Gmail from Google.
“The information is tremendous and this person showed to be willing to give the data to people who speak well of him,” said at the time Holden Security, a company of computer security based in the United States that is known for the recovery of large sources of data stolen by hackers from eastern Europe.
the company said yesterday that “the data on Yahoo that have been stolen are critical, not only because they are integrated into a single system, but also because it leaves the discovered the connections of the users to their bank accounts, profiles, social networks, other financial services, and to the names of friends and family,” explains Alex Holden, founder of Holden Security, quoted by the “New York Times”. “This is one of the biggest privacy breaches of the people, and was very thorough.”
The first suspicions arose in August, when a hacker known as “Peace” tried to sell the information of 200 million accounts, Yahoo. The company says that the security breach has reached far more users than initially thought, and that among the stolen data, if you count not only names and e-mail accounts of users, such as your phone numbers, birth dates, and even passwords that are encrypted.
Yahoo, which has one billion users monthly, is to recommend those who did not change their passwords since 2014 do so with urgency, but the apparent concern for his safety does not invalidate the criticism by the delay in the detection and confirmation of this attack.
“it Is very worrying that a security breach of 2014 may have been for detect so much time,” says Alan Woordward, specialist at the University of Surrey, quoted by the BBC. “It is also surprising that a public announcement has taken so long to appear. Would depart from the principle that the majority of the companies already had time to learn that the sooner they announce [that were the target of this type of cyber-attacks], the better, even if they have to go by reviewing and updating what you know. I can understand a delay of a few days to confirm if a security breach is genuine, since it is increasingly common for there to be disclosures of the false data, but six weeks seems too long.”
at The same british channel, Verizon reasoned that as soon as I learned of the cyber attack had “limited information” about the case. “Let’s do avalições to the extent that the research proceeds with the general interests of Verizon safeguarded, including consumers, customers, shareholders, and related communities”, the company said in a statement. “Until then, we are not in a position to make further comment”.
In another press release, Yahoo said that “the intrusions online, and the theft [of ciberdados] for actors sponsored by States is becoming increasingly common in the technology industry.”
The Reuters advances that three senior officials of the intelligence community of the United States believe that the attack was sponsored by a State because it was at all similar to previous cyber-attacks linked to the secret services of Russia.
“The Yahoo will likely come under intense scrutiny from regulators, the media and the public, and with good reason,” argues Nikki Parker, vice-president of the company’s cyber security Covata. “Big companies can’t get away from data breaches, and must raise their hands and show that they are committed to the resolution of the problem. Hopefully the ink is already dry on the contract with Verizon,” added the expert in cybersecurity, referring to the business multimillion dollar closed two months ago.
The scale of the attack, says the BBC, is the most comprehensive among the violations of the cyber security of large companies that were being undertaken in the last few years, including the cases of data theft from MySpace (359 million users), LinkedIn (164 million) and Adobe (152 million).
At times the most popular site in the U.S. the company at the time valued at 125 billion dollars, Yahoo has been losing ground on the internet to other e-mail providers from the end of the 1990s, which ultimately led to it being acquired by Verizon this year, with the great purpose access to your database in massive and sell to users targeted advertising.
No comments:
Post a Comment