Yahoo probes possible huge data breach
August 2, 2016, 5:20 pm | Source: BBC

Yahoo is investigating claims the hacker linked to "mega-breaches" at MySpace and LinkedIn has posted details of 200 million Yahoo accounts to a marketplace on the dark web.

Usernames, passwords and dates of birth are being offered for sale for three bitcoins (£1,360).

Using the name Peace, the hacker said the data was "most likely" from 2012.

Yahoo said it was taking the claim "very seriously" and was "working to determine the facts".

"Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms," it said in a statement.



Dictionary attack

The passwords appear to be hashed - which means they have been scrambled - but the hacker has also published details of the algorithm allegedly used for the hash.

"The algorithm MD5 is considered to be weak, and for the vast majority of passwords it is easy to reverse what it was using what we call a dictionary attack," said Prof Alan Woodward, a security expert from Surrey University.

He added though that caution needed to be exercised about the alleged breach.

"We have seen claims about similar dumps in the past weeks which have proved to be fake or just old data," he said.

"People are still trying to work out if it is real or not."

Motherboard, which first reported the alleged breach, obtained a small sample of the data - some 5,000 records - and tested whether they corresponded to real accounts on the service.

It found that most of the first two dozen Yahoo usernames tested did correspond to actual accounts.

However, attempts to contact more than 100 of the addresses in the sample saw many returned as undeliverable with auto-responses reading: "This account has been disabled or discontinued," which might suggest that the data is old.



Brendan Rizzo, technical director at HPE Security, said: "Data has high value to attackers, and even though the information for sale on the black market is several years old, it can still be used for social engineering attacks for spear phishing to attempt to gain access to deeper systems with even more lucrative data that can be monetised directly if stolen."

Earlier this month, Yahoo was sold to US telecoms giant Verizon for nearly $5bn (£3.8bn).


