Yahoo could face more trouble as data breach questions company’s security policies
In September, reports suggested that nearly 500 million Yahoo customers faced data hack in year 2014. However, a new report released in December suggests that data for nearly one billion Yahoo users was hacked in year 2013.
A report published by The New York Times suggests that the complete Yahoo data, with nearly one billion records, could fetch up to $300,000 in grey market.
The hacking incident of one billion Yahoo accounts in 2013 and the failure of the company to inform its customers till 2016 points to negligence of security staff at Yahoo. The data breach didn’t make it to public till the time law enforcement officials contacted Yahoo with samples of hacked data acquired from undisclosed sources.
Andrew Komarov, chief intelligence officer at Arizona-based InfoArmor informed, “Three buyers — two known spammers and an entity that appeared more interested in espionage — paid about $300,000 each for a complete copy of the database.”
Yahoo has stated that the company is not aware of the hackers involved with the 2013 hacking incident. The company has made progress in tracking the 2014 hacking incident and initial reports suggest that the hack was sponsored by a government agency. The company hasn’t provided any details about the government agency that could be involved.
Yahoo was in talks with Verizon as the telecom major was planning to acquire controlling stake in the company for $4.7 billion. The latest hacking incident revelations could impact that deal as well.
A detailed story regarding breach was published by Komarov on Bloomberg.Mr. Komarov suggests that the Yahoo hacking incident in 2013 was motivated by money and not politics. Komarov termed the hacking group involved with Yahoo hacking as Group E. He added that Group E could have sold complete copies of that data, several times.
Responding to Bloomberg story, Yahoo said, “The limited InfoArmor data set provided to us by Bloomberg, based on initial analysis, could be associated with the data file provided to us by law enforcement. That said, if InfoArmor has a report or more information, Yahoo would want to assess that before further comment.”
Another security firm Hold Security added that the hacking group was trying to sell Yahoo data for $200,000 on the so-called dark web.
Customer confidence in technology companies, retailers and banks has dropped significantly after recent data breaches. Most of the data breaches involve millions of customer accounts and these incidents only suggest that companies should be careful about the way they store, transmit and deal with sensitive customer information.