Yahoo has just issued a statement in which the company claims to have been the victim of an attack in 2013 which has led to the theft of more than one billion accounts of its users. This flight is in addition to the one made in 2014, for which Yahoo acknowledged the existence last September only, and already involved 500 million accounts.
The figure is simply dizzying, and is by far the largest data theft in the history of the Internet. The attack allegedly took place in August 2013 and is "likely to be distinct from the incident unveiled in September 2016," Yahoo said. The number of stolen accounts would thus reach a potential total of 1.5 billion. Stolen data include "email addresses, telephone numbers, dates of birth, encrypted passwords and, in some cases, encrypted or unencrypted security issues". No clear password would have been stolen according to the investigation conducted by Yahoo, as well as no bank details or means of payment.
Regarding the method used to achieve such data theft, Yahoo's findings point to the possibility of a modified cookie in order to deceive the server and provide certain information. Recall that a cookie, stored by the browser when visiting a site, acts as an identifier in order to allow a server to recognize a user.
Yahoo has already taken precautionary measures to limit possible damage to its users. Accounts that may be affected by this attack should be contacted by the service to prompt them to change their password. Similarly, Yahoo invites all users to take precautionary precautions to avoid any problem, such as changing their password and account security, looking for any trace of potentially suspicious activity, avoiding communications Unsolicited messages, or avoid clicking on links in unsolicited messages. Yahoo has put together a page (in English) gathering all the information to know about this piracy.
0 comments:
Post a Comment