The data theft of over a billion users, would have occurred in August 2013. Last September, the company already showed a first attack on more than 500 million accounts.
The year 2016 was not successful and was decidedly not at Yahoo! The american giant of the Web announced Wednesday he was the victim of a large cyber-attack, compromising more than a billion user accounts. The flight data would have occurred in August 2013, according to the company, who stated that they did not have identified authors. This new attack, from an “actor’s third non-authorized”, has touched sensitive information: name, surname, email address, telephone numbers, date of birth, passwords are “hashed” and, in some cases, issues of safety as well as their response. The credit card data have nevertheless been spared, assures Yahoo!
“We are in the process of contacting affected users and have taken measures to secure their accounts, forcing them for example to change their password,” explains the company in a press release. “We have also invalidated the security questions and their response [that would have been affected by the theft].”
Yahoo! has already been the victim of a cyber-attack dating back to 2014, but revealed in September, touching this time-over 500 million accounts. The two events are “distinct”, says Yahoo!. The group has discovered this new flaw as a result of the information provided by the us authorities in November.
The security teams of Yahoo! have also investigated the use of fake cookies, allowing hackers to gain access to certain user accounts without passwords. These programs are usually used to identify a user automatically, for example to avoid having to re-enter his login and password every time you visit a given site. These activities could be related to the same “entity” responsible for the attack unveiled in September.
These hacks, even the elders, can have a large impact. Yahoo! is still today one of the most visited sites in the world, thanks to its e-mail service and its search engine. These intrusions allow to conduct campaigns of “phishing,” in usurping the identity of the victim, to steal payment data or other confidential information. They can also allow hackers to access other accounts, like Facebook or Gmail, in the case where the user uses the same password.
This information is revealed at a time particularly critical for Yahoo!, that is still in the process of resale of its Web activities at telecom operator american Verizon. The attack revealed in September already threatening to such redemption, signed in July for $ 4.8 billion (approximately eur 4.3 billion).