Yahoo breach from 2013 affected 3 billion accounts
This week, former Equifax CEO Richard Smith testified in front of government officials, including the Senate Banking Committee. The discussions worked to unpack exactly how hackers gained access to the sensitive files of a company worth $13 billion, and at the conclusion, many representatives were still scratching their heads. To add to the turmoil, Yahoo revealed this week that a data breach from 2013 affected more accounts than it originally thought: all of them. That’s right. The hack was originally thought to have compromised about 1 billion accounts, but this week that total was revealed to be closer to 3 billion. This news marks the biggest case of data theft in history.
“Recently obtained new intelligence”, as Yahoo called it, showed that all user accounts were affected by the 2013 incident. The company maintains that much of the compromised information was encrypted, though it admits that the encryption was outdated and relatively easy to crack. Compromised information included security questions and backup email addresses, which hackers then use to break into other accounts more easily. From there, they have access to identifiable information, which is used for fraud, phishing and social engineering.
In July, Yahoo was purchased by Verizon Communications Inc. Cautious of its legal exposure when the first reports of the breach came out, Verizon substantially lowered its offer by $350 million. This new information raises the question of whether Verizon will again attempt to renegotiate with Yahoo, which was originally bought out for an agreed-upon total of $4.48 billion. Senator John Thune, the chairman of the U.S. Senate Commerce Committee, plans to hold a hearing later this month regarding this breach, as well as the Equifax breach, to get to the root causes and to hold businesses liable for damages to consumers. Congress also plans to draft legislation that transforms the ways companies gather, sell and protect personal data. Yahoo reported that email notifications have been sent to those affected by the breach. SIM2K recommends taking all remediation steps offered by Yahoo if you used to have an account with them, and in the future using 2-Factor Authentication tools, like those offered by SIM2K.
Equifax testifies in front of Senate Committees
It has been a rough week for Rick Smith, former CEO of Equifax. But a rough week in Washington may or may not punitively compensate for the years of potential identity theft his company created for Americans. On Tuesday and Wednesday this week, Smith testified in front of members of Congress, defending the company he had run for 12 years, which failed to protect the data of over 145 million people. Questions rattled off by representatives were stark, unyielding and persistent. Answers were met with scrutiny. Many were unable to grasp the language and technicalities of cybersecurity, and Smith seemed to use this fact to his advantage, often attributing his ambiguous answers to the “cumbersomeness” of big data and technology procedures.
The range of questions was enormous, and really illustrated the sheer scale of this data exfiltration. Topics of discussion included failed security protocols, forced arbitration clauses, insider trading suspicions and even the abolishment of Social Security numbers. The entire hearing is very interesting, and provides a great glimpse into the war being waged between hackers and cybersecurity experts. You can watch the recordings of the hearings by following the links provided below. P.S. Keep an eye out for the Monopoly Man in one of the videos!
October 4: Committee on Banking, Housing and Urban Affairs https://www.banking.senate.gov/public/index.cfm/hearings?ID=B61BB78D-CF34-4D54-B7F2-F7F982D77D6F
October 3: Committee on Energy and Commerce https://energycommerce.house.gov/hearings/oversight-equifax-data-breach-answers-consumers/
Tom X. McShane