New Yahoo Breach Affects 1 Billion Accounts
Stolen Yahoo account details could be changing hands for as little as three-hundredths of a cent, according to security researchers. The finding follows a hack of more than a billion accounts.
It's the second Yahoo breach reported this year. Back in September the news broke that details of more than 500,000 accounts had been accessed by hackers in 2014. Now Yahoo has confirmed a separate attack in 2013 involved the theft of data for more than a billion accounts, something security experts believe makes it a record breach.
It's suggested that the stolen data includes email addresses and passwords, plus access to phone numbers, birthdates, and security questions - information which could potentially be used to unlock other accounts with more sensitive information. (Source: businessinsider.com)
Yahoo Points Finger at Foreign Governments
Yahoo has suggested either or both breaches could be the result of attacks financed and backed by a foreign government. However, experts have questioned that idea, asking why a government would want such details.
Instead the motive appears to be profit, with reports suggesting that copies of the 2013 database have sold for $300,000. That would put each account's "value" to buyers at just 0.03 cents, compared with a price of between 70 cents and $1.20 as the going rate per account on the black market, according to a recent study. (Source: sophos.com)
One theory is that the price was so low because buyers were only interested in the details of a specific section of users, namely US government and military staff. The database is known to have accounts for around 150,000 people in this category, meaning the buyers spent around $2 per address. (Source: bloomberg.com)
Stolen Data Buyers Targeting Military
It seems the buyers may not be primarily interested in accessing messages of stolen accounts; instead, they may be looking for cases where the user had listed a government or military email address as their back-up account in their Yahoo settings - for resetting a password, for example. Having the combination of a person's name and work email could make it much easier to carry out successful spear phishing attempts.
Spear phishing is an attempt to fool a specific set of users (usually belonging to an organization) into giving up credentials or access to sensitive information, so that further attacks (such as espionage) can be carried out. It is reportedly the most successful type of attack made on the Internet today.
For example, cyber criminals may pose as the owner of one of the hacked Yahoo accounts belonging to military personnel, then send bogus email messages to trick colleagues into handing over data or into clicking on a link which installs spyware onto a company's server. If a cyber criminal has the correct name and email address of certain users, the messages seem much more believable, and thus the attack is much more likely to succeed.
What's Your Opinion?
Is Yahoo's reputation shot by having a second high-profile breach on such a scale? Are you surprised that account details change hands for so little money? What measures could tech firms, employers and users take to reduce either the motivation for or the success of such hacking attacks?