Yahoo, one of the leading internet companies, has been hacked and a large amount of user data has been stolen. The company recently revealed that it had discovered the compromise of about one billion user accounts, which took place sometime in August 2013. However, that compromise is purported to be separate from the most recent intrusion into, and theft of data from, more than 500 million Yahoo accounts, which occurred last September.
No one has been able to determine how data from more than one billion Yahoo accounts was stolen, nor have the hackers behind this cybercrime been identified. Even the Chief Information Security Officer of the company, Bob Lord, affirmed this fact.
According to the CISO, Bob Lord, the information alleged to have been stolen comprises names, dates of birth, email addresses, telephone numbers, hashed passwords, as well as encrypted and unencrypted security questions and their respective answers.
The security intrusion occurred as a result of the use of Yahoo’s proprietary code by a hacker, who was able to use it to forge cookies that could be used to gain access to Yahoo accounts without entering passwords. It was law enforcement who alerted the company to the unauthorized intrusion into its databases by the unknown hackers. Yahoo had to enlist independent forensic specialists to help examine the data. The forensic experts have been able to identify the user accounts for which the forged cookies are believed to have been used. Bob Lord also said that the company has begun informing the holders of the affected accounts and has proceeded to invalidate the forged cookies. Although he did not give specifics, Bob Lord alleged that the cybercrime was committed by someone who was state-sponsored.
So far, the good news is that the stolen data may not have included payment details or passwords written in plain text; the bad news is that MD5, the hashing algorithm, is no longer secure. This implies that many MD5 hashes can be reversed easily with online lookup tools (a hash is matched against known values rather than decrypted) and the passwords exposed. This development does not bode well for holders of Yahoo accounts or for the company itself.
Nevertheless, Yahoo has stated that it will notify the users of the accounts that were affected by the security breach and would require holders of such accounts to change their passwords as soon as they can.
The recent discovery of Yahoo’s porous internet security has raised several questions about the ongoing acquisition of the company by Verizon. Despite the fact that employees of Yahoo knew of the security breach that occurred as far back as 2014, where 500 million users lost valuable data, it was not made public until last September. Whether Yahoo executives knew about the security intrusion, as well as when they knew about it, is still in contention. It wasn’t until after the deal to acquire the company by Verizon was final that the news about the first breach became public.
Even though Verizon paid a hefty $4.83 billion to buy Yahoo, the recent security problems have raised speculation that Verizon may ask for a discount of about $1 billion. A spokesman for Verizon disclosed this, and he also mentioned that Verizon would reassess the situation even as Yahoo continues with its investigations.