Contact Your Financial
Adviser Money Making MC
16
December 2016
Yahoo has disclosed a new security
breach that may have affected more than one billion user accounts.
The breach dates back to 2013 and is
thought to be separate from a massive cyber security incident announced in
September, the company revealed on Wednesday. The Total Investment & Insurance Solutions
"For potentially affected accounts,
the stolen user account information may have included names, email addresses,
telephone numbers, dates of birth, hashed passwords (using MD5) and, in some
cases, encrypted or unencrypted security questions and answers," said Bob
Lord, Chief Information Security Officer, Yahoo, in a blog post. The Total Investment & Insurance
Solutions
The company previously disclosed that
outside forensic experts were investigating the creation of forged cookies that
could allow an intruder to access users' accounts without a password.
"Based on the ongoing
investigation, we believe an unauthorised third party accessed our proprietary
code to learn how to forge cookies. The outside forensic experts have
identified user accounts for which they believe forged cookies were taken or
used," Lord said.
Yahoo says it was notifying the account
holders affected. They will be required to change their passwords. The Total Investment & Insurance
Solutions
"We have also invalidated
unencrypted security questions and answers so that they cannot be used to
access an account," added Lord.
The Total Investment & Insurance Solutions
Yahoo said it had connected some of this
activity to the same state-sponsored actor believed to be responsible for the
data theft disclosed on September 22.The
Total Investment & Insurance Solutions
No comments:
Post a Comment