Another Discovered Yahoo Data Breach (2013)

by Tech Mainstream Staff


December 15, 2016


Another Discovered Yahoo Data Breach (2013)


In November, Yahoo determined through law enforcement officials that an unauthorized third party stole data files which contained Yahoo user data. In an official Yahoo statement, the details are given: "Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016."

The compromised user data may have contained "names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers." It has also been determined that "clear text, payment card data, or bank account information" was not part of the data breach.

How did this happen? The intruder(s) learned to forge "cookies that could allow an intruder to access users’ accounts without a password. Based on the ongoing investigation, we [Yahoo] believe an unauthorized third party accessed our proprietary code to learn how to forge cookies." For individuals that have been affected by this data breach, Yahoo offers this advice, "We are notifying potentially affected users and have taken steps to secure their accounts, including requiring users to change their passwords." As for the cookie forgery issue, Yahoo remarks, "we invalidated the forged cookies and hardened our systems to secure them against similar attacks." For a complete analysis of the data breach and additional security tips visit Yahoo Security Notice December 14, 2016

 

Upcoming Tech Events

February 5-7, 2019- SaaStr Annual 2019

February 12-15, 2019- IBM Think 2019

February 13-14, 2019- Mobile Growth Summit 2019

February 19-23, 2019- 2019 DNN Summit

March 19-21, 2019- 2019 OFA Workshop

April 3-5, 2019- MarTech 2019

April 10-11, 2019- Digital Summit 2019

May 20-23, 2019- DataWorks Summit 2019

May 22-24, 2019- Coveo Impact

May 23-24, 2019- Women in Tech Festival

June 10-11, 2019- Microsoft Business Applications Summit

June 17-19, 2019- Salesforce Connections 2019

July 15-17, 2019- MozCon

July 16-18, 2019- Marketing Artificial Intelligence Conference

September 9-11, 2019- Digital Transformation Connect