December 7, 2021

You could have a Yahoo account without even knowing it

Pin It

103961865-data-breach-530x298By Chris Isidore From CNN

Think you’re not affected by the massive hack of 500 million Yahoo accounts? Think again.

Just because you don’t have a Yahoo email account doesn’t mean you’re off the hook.

There are plenty of other types of accounts that put users at risk.

Play fantasy sports on Yahoo Sports?

Post pictures on Ficklr?

Blog on Tumblr?

Or maybe you just stopped using your Yahoo email years ago.

If so, you might be a hacking victim, according to a leading Internet security expert.

“There are lots of people, millions of people, who don’t understand they have a Yahoo account,” said Per Thorsheim, a global cybersecurity expert based in Norway.

The hack, disclosed by Yahoo on Thursday, was allegedly committed by a “state-sponsored actor” on behalf of a foreign government, according to the company. It said the breach occurred in 2014.

Much of the attention to the hack focused on current Yahoo email users. But Thorsheim said one of his big concerns is that many people don’t realize they have other accounts that put their information — including names, email addresses, telephone numbers and birthdays — in jeopardy.

Yahoo (YHOO, Tech30) hasn’t given out much information as to which accounts were hacked. And spokespeople didn’t answer questions about whether specific services such as fantasy sports accounts were included in the hack.

Related: What to do if your Yahoo account was hacked

Thorsheim said the other issue is that there are probably millions of people who have forgotten about a Yahoo email account they used to have. What they don’t realize is that it’s still active and their information is still associated with it.

“The idea that ‘I don’t use that account any more, I don’t have to worry about it.’ – in most cases, unfortunately that’s wrong,” he said. “If you have an account that you don’t use, you should delete it. But very few people do that. I’m guilty of not doing that myself.”

For more and video go to:

Related story:

Yahoo CEO Mayer knew about data breach in July: Report

By Harriet Taylor From CNBC

Yahoo CEO Marissa Mayer has known that Yahoo was investigating a serious data breach since July, but withheld the information from investors, regulators and acquirer Verizon until this week, according to Financial Times reporters.

“Marissa was aware absolutely — she was aware and involved when Peace surfaced this allegation in July,” the FT reports, citing a person briefed on Yahoo’s internal discussions.

“[She] was part of the investigation and conversation from the very beginning and along with the team every step of the evidentiary gatherin and analysis process. In fact, the key executive team has been engaged from the very beginning.”

If that allegation proves to be true, Yahoo could find itself drawing the attention of the SEC, experts told the FT.

Chatter about the breach started bubbling up on the dark web in late July and early August, with people asking for anyone who had purchased the database to share it with them, Alex Heid, chief research officer at cybersecurity firm Security Scorecard, told CNBC. Cybersecurity researchers are not always required to report such findings to the victims or law enforcement, but often do so.

On Thursday, Yahoo’s confirmation of a 2014 breach resulting in the theft of more than 500 million user accounts — the largest hack in history — left a lot of questions unanswered. Yahoo has yet to formally acknowledge when it learned of the breach, which remains the biggest unanswered question to industry insiders.
Live Stream Cambridge Cyber Summit
Register for the Cambridge Cyber Summit

“This is an important detail in the story,” Jeremiah Grossman a former Yahoo infosecurity officer, now at SentinelOne, told CNBC in an email.

“Additionally, there are questions to be answered around Yahoo’s claim that this was a state-sponsored hacker,” he said.

State-sponsored hackers do not typically publicly share stolen data or sell it, as the hacker who has claimed responsibility for the breach has been doing raising the possibility that we are looking at two different Yahoo breaches with two different hacking groups in their system, he said.

Yahoo issued this statement: “As we disclosed yesterday, a recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from our systems in late 2014 by what we believe is a state-sponsored actor. Our investigation into this matter is ongoing and the issues are complex. Some things, however, are clear: Yahoo has never had reason to believe there is any connection between the security issue disclosed yesterday and the claims publicized by a hacker in August 2016. Conflating the two events is inaccurate.”

For more on this story and video go to:

Print Friendly, PDF & Email
About ieyenews

Speak Your Mind