Friday December 14, 2018

Yahoo: New Security Breach may have affected more than One Billion User Accounts

Yahoo says it was notifying the account holders affected. They will be required to change their passwords

FILE - The Yahoo logo is shown at the company's headquarters in Sunnyvale, California, April 16, 2013. VOA

New York, December 15, 2016: Yahoo has disclosed a new security breach that may have affected more than one billion user accounts.

The breach dates back to 2013 and is thought to be separate from a massive cyber security incident announced in September, the company revealed on Wednesday.


“For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers,” said Bob Lord, Chief Information Security Officer, Yahoo, in a blog post.

The company previously disclosed that outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password.


“Based on the ongoing investigation, we believe an unauthorised third party accessed our proprietary code to learn how to forge cookies. The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used,” Lord said.

Yahoo says it was notifying the account holders affected. They will be required to change their passwords.


“We have also invalidated unencrypted security questions and answers so that they cannot be used to access an account,” added Lord.

Yahoo said it had connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft disclosed on September 22. (IANS)

Copyright 2016 NewsGram


Aadhaar Helpline Mystery: French Security Expert Tweets of doing a Full Disclosure Tomorrow about Code of the Google SetUP Wizard App

Google, Facebook face greater scrutiny in Australia. Wikimedia Commons

Google’s admission that it had in 2014 inadvertently coded the 112 distress number and the UIDAI helpline number into its setup wizard for Android devices triggered another controversy on Saturday as India’s telecom regulator had only recommended the use of 112 as an emergency number in April 2015.

After a large section of smartphone users in India saw a toll-free helpline number of UIDAI saved in their phone-books by default, Google issued a statement, saying its “internal review revealed that in 2014, the then UIDAI helpline number and the 112 distress helpline number were inadvertently coded into the SetUp wizard of the Android release given to OEMs for use in India and has remained there since”.

Aadhaar Helpline Number Mystery: French security expert tweets of doing a full disclosure tomorrow about Code of the Google SetUP Wizard App, Image: Wikimedia Commons.

However, the Telecom Regulatory Authority of India (TRAI) recommended only in April 2015 that the number 112 be adopted as the single emergency number for the country.

According to Google, “since the numbers get listed on a user’s contact list, these get transferred accordingly to the contacts on any new device”.

Google was yet to comment on the new development.

Meanwhile, a French security expert who goes by the name of Elliot Alderson and has been at the core of the entire Aadhaar controversy tweeted on Saturday: “I just found something interesting. I will probably do full disclosure tomorrow”.

“I’m digging into the code of the @Google SetupWizard app and I found that”.

“As far as I can see this object is not used in the current code, so there are no implications. This is just a poor coding practice in terms of security,” he further tweeted.

On Friday, both the Unique Identification Authority of India (UIDAI) and the telecom operators washed their hands of the issue.

While the telecom industry denied any role in the strange incident, the UIDAI said that some vested interests were trying to create “unwarranted confusion” in the public and clarified that it had not asked any manufacturer or telecom service provider to provide any such facility.

Twitter was abuzz with the new development after a huge uproar due to Telecom Regulatory Authority of India (TRAI) Chairman R.S. Sharma’s open Aadhaar challenge to critics and hackers.

Ethical hackers exposed at least 14 personal details of the TRAI Chairman, including mobile numbers, home address, date of birth, PAN number and voter ID among others. (IANS)
