Yahoo hack hit 500 million users and may be state-sponsored, tech firm reveals

The company says it is working with law enforcement following apparent attack

Feliks Garcia
New York
Friday 23 September 2016 12:34 BST

Yahoo confirmed that an apparent “state-sponsored actor” stole information associated with some 500 million user accounts.

The information could include names, email addresses, telephone numbers, dates of birth and hashed passwords but might not include unprotected passwords, payment card data or bank account information, the tech giant said.

More sensitive information, such as credit card data, bank account numbers and unprotected passwords, was unlikely to have been included in the stolen information.

Yahoo says the breach occurred in late 2014. The information released by the company at this time does not appear to indicate which government orchestrated the security breach.

Cybersecurity expert Graham Cluley told The Independent that there are a number of state entities that could be behind the attack, and Yahoo would need to release more information to make such a determination.

"There are hackers all around the world. I think it's far too early to know that this smells of North Korea, or something like that," he said. "There are many countries who would probably be interested in breaching Yahoo – not to say the US itself, which has broken into Yahoo and Google's data centres to access data before."

What is unusual about the company's claim, Mr Cluley added, is that state-sponsored hacks are typically more targeted than what appears to have happened to Yahoo. But pointing the finger at government actors could prove slightly better for a tech company's public image.

"Let’s put it this way: if I were running a really big company and 500 million of my users just had their accounts compromised," he said, "I would be awfully pleased if I determined that it was a state-sponsored attack than some 16-year-old kids. It sounds less embarrassing."

State-sponsored hacks have been a running topic of conversation throughout the US presidential election, as the Hillary Clinton campaign was the target of hackers believed to be from Russia. Later, the Democratic National Convention fell victim to a massive hack believed to have been sponsored by Russia, as well.

The Clinton campaign first connected Russia to the email dump in July, expressing concerns that the Putin administration was attempting to tamper with the outcome of a presidential election.

“What’s disturbing to us is that experts are telling us Russian state actors broke into the DNC, stole these emails, and other experts are now saying that the Russians are releasing these emails for the purpose of actually helping Donald Trump,” said Clinton campaign manager Robby Mook.

Nevertheless, Yahoo assures its users that their information will be kept safe moving forward.

“An increasingly connected world has come with increasingly sophisticated threats. Industry, government, and users are constantly in the crosshairs of adversaries,” Yahoo said in a statement.

“Through strategic proactive detection initiatives and active response to unauthorized access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure.”

The tech firm said it was working with law enforcement as it sought to respond to the attack.
