Tech giant Yahoo is in the news again, and not for a good reason. In September, Yahoo reported that it had experienced a cyber breach on a massive scale (the largest to date at that time), with 500 million user accounts compromised by hackers. If you remember, the breach had originally occurred in 2014, but had not been made public until 2016, making Yahoo the biggest cybersecurity news in 2016.
On December 14, Yahoo announced that it had learned that the company had been the victim of a cyberattack predating 2014, after law enforcement conducting an investigation gave the company files that a third party had claimed were Yahoo user data.
Yahoo partnered with a forensic team to analyze the data provided to it by law enforcement. The analysis showed that an unauthorized third party had breached Yahoo's security systems in August 2013, stealing the account information of over 1 billion Yahoo users.
This means that two separate cybersecurity breaches hit Yahoo in two years. Questions remain: How could this have happened, and why was their response time so slow?
On Wednesday, the tech company shared with its users, shareholders and Verizon (Verizon was and currently still is in the middle of purchasing the company for $4 billion) that they believe the hacks, though separate, are connected through the same state-sponsored cybercriminal ring. A state-sponsored hack is one committed by a foreign government for commercial, political or military gains.
Yahoo's chief information officer said in a statement that "[the company has] not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016. For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords, and, in some cases, encrypted or unencrypted security questions and answers. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information."
So far, the diagnostics scan has found that the cybercriminals used forged cookies. Cookies are small pieces of data that a website leaves behind in the user's browser so that, when the website is visited again, the user won't be required to log back in. A forged cookie is one fabricated by an intruder rather than issued by the site after a login. According to Yahoo CISO Bob Lord, forged cookies "allow an intruder to access user accounts without a password." In effect, a forged cookie works as a sort of mask, making the cybercriminal look like the actual owner of the account and giving them complete, unrestricted access.
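How a site can refuse forged cookies, shown as an added example that is not Yahoo's code or part of the original article: the server signs each login cookie with a secret key and checks the signature, expiry and a per-account counter on every request. The cookie layout, `SERVER_KEY`, `account_epoch` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional

SERVER_KEY = b"constructed-demo-key"  # assumption: secret held only by the server
# Assumption: per-account counter, bumped on password change to revoke old cookies.
account_epoch = {"alice": 1}


def _sign(payload: str, key: bytes) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user: str, now: int, ttl: int = 3600,
                 key: bytes = SERVER_KEY) -> str:
    """Issued only after a successful password login; user must not contain '|'."""
    payload = f"{user}|{account_epoch[user]}|{now + ttl}"
    return f"{payload}|{_sign(payload, key)}"


def validate_cookie(cookie: str, now: int) -> Optional[str]:
    """Return the user name if the cookie is authentic, current and unexpired."""
    try:
        user, epoch, expires, tag = cookie.split("|")
        epoch_i, expires_i = int(epoch), int(expires)
    except ValueError:
        return None  # malformed cookie
    expected = _sign(f"{user}|{epoch}|{expires}", SERVER_KEY)
    # Constant-time comparison so the check does not leak signature bytes.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None  # forged or tampered: not signed with the server's key
    if account_epoch.get(user) != epoch_i:
        return None  # issued before the last password change
    if now >= expires_i:
        return None  # expired
    return user


def change_password(user: str) -> None:
    """Bumping the counter invalidates every cookie issued before the change."""
    account_epoch[user] += 1
```

A cookie built without the server's key fails the signature check, and `change_password` makes every previously issued cookie for that account stop validating.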
Do you have a Yahoo account? To keep your information safe, go and change your passwords and security questions; it could save you time and money down the line. If you're looking to protect your business against a cybersecurity breach, invest in a cyber insurance plan with CyberPolicy today.