Mid-Day.com – Yahoo: All 3 Billion User Accounts Were Hacked In 2013

mid-dayAfter revealing last year that a data breach in 2013 affected its one billion user accounts, Yahoo has now announced that all of its users — nearly 3 billion at that time — were impacted by the massive hacking.

According to Jason Hart, Vice President and Chief Technology Officer for data protection at Gemalto, the Yahoo breach would be the largest data breach of all time.

“While it is ‘news’ that Yahoo is making another announcement about its 2013 breach, it should be more concerning that it’s taken almost four years to get to the bottom of a breach of this magnitude,” Hart said in a statement.

“If Yahoo, one of the largest tech companies in the world, struggled with security, how can other companies combat these bad actors?” he added.

To read the full article click here.

The Register- Haven’t deleted your Yahoo account yet? Reminder: Hackers forged login cookies

the-registerYahoo! is reminding folks that hackers broke into its systems, and learned how to forge its website’s session cookies. That allowed the miscreants to log into user accounts without ever typing a password.

Jason Hart, CTO of data protection at Gemalto, commented: “While it is ‘news’ that Yahoo is making another announcement about a breach, it shouldn’t be surprising. Opt-in security is not an option in this day and age.

“The company recommended that users consider adopting its Yahoo Account Key, an authentication tool that eliminates the need for a password. However, tools like this only work if the user remembers to activate them. Given the current security climate, all companies should have multi-factor authentication activated by default for all online accounts,” he added.

To read the full article click here.

Also covered in Crawfordwise and Ste Williams

HelpNet Security – Yahoo notifies more users of malicious account activity

helpnetYahoo has sent out another round of account compromise notifications, warning users that hackers may have accessed their accounts by using forged cookies instead of passwords. How many in total, the company wouldn’t say.

 

“While it is ‘news’ that Yahoo is making another announcement about a breach, it shouldn’t be surprising,” Jason Hart, Vice President and Chief Technology Officer at Gemalto.

“The company recommended that users consider adopting its Yahoo Account Key, an authentication tool that eliminates the need for a password. However, tools like this only work if the user remembers to activate them. Given the current security climate, all companies should have multi-factor authentication activated by default for all online accounts. Opt-in security is not an option in this day and age,” he noted. “Now, it only remains to see how much more of a discount Verizon may ask for.”

To read the full article click here.

SC Media – Yahoo issues new breach warning; Verizon shaves $300M off its Yahoo offer

scmediaVerizon was in talks to purchase Yahoo’s internet business when news broke that the web company had been hit with two massive data breaches and this has had an impact on the asking price with the initial offer of $4.8 billion has been reduced by about $250 million, according to a report Wednesday on Bloomberg. Other reports cite the revised figure as shaving as much as $350 million off.

While it is news that Yahoo is making another announcement about a breach, it shouldn’t be surprising, Jason Hart, CTO of data protection at Gemalto, told SC Media on Wednesday. Opt-in security is not an option in this day and age, he said. “The company recommended that users consider adopting its Yahoo Account Key, an authentication tool that eliminates the need for a password. However, tools like this only work if the user remembers to activate them.”

Given the current security climate, Hart said all companies should have multifactor authentication activated by default for all online accounts. “Now, it only remains to see how much more of a discount Verizon may ask for.”

To read the full article click here.

InfoSecurity Magazine – ICO Confirms Yahoo Communication Post Breach

 icoyahoo

 

The Information Commissioner’s Office (ICO) has confirmed that it is talking to Yahoo about the reported billion account breach.

Jason Hart, VP and CTO for Gemalto’s data protection solutions, said that according to Gemalto’s Breach Level Index, over one billion records have been compromised in 2016 and using what it currently knows about this latest Yahoo breach, this would be the largest data breach of all time.

“What’s concerning about this breach is that Yahoo still hasn’t been able to confirm the source of the intrusion yet, and the fact that it took them over three years to discover a breach of this magnitude speaks to the amount of work we in the security industry still need to do,” he said. “If Yahoo, one of the largest tech companies in the world, is struggling with security, how can companies with fewer resources combat these bad actors?”

To read the full article click here.