Did Russia or North Korea really hack one billion Yahoo accounts? And WHY?

Yahoo has said it believes hackers stole personal data from more than one billion user accounts as part of a cyber attack that occurred in 2013.
By The Newsroom
Published 15th Dec 2016, 10:31 BST
Updated 15th Dec 2016, 14:00 BST
Yahoo believes hackers stole personal data from more than one billion user accounts as part of a cyber attack in 2013.Yahoo believes hackers stole personal data from more than one billion user accounts as part of a cyber attack in 2013.
Yahoo believes hackers stole personal data from more than one billion user accounts as part of a cyber attack in 2013.

The technology giant said it believes the attack is “distinct” from another cyber attack the company reported in September this year, which involved around 500 million accounts and was said to have been carried out by a “state-sponsored actor” in late 2014.

Yahoo says this personal data affected included “names, email addresses, telephone numbers, dates of birth, hashed passwords”, as well as security questions and answers, but the company claimed financial information had not been compromised.

Hide Ad
Hide Ad

“Yahoo has identified data security issues concerning certain Yahoo user accounts,” the firm said in a statement.

“Yahoo has taken steps to secure user accounts and is working closely with law enforcement.

“As Yahoo previously disclosed in November, law enforcement provided the company with data files that a third party claimed was Yahoo user data. The company analysed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data.

“Based on further analysis of this data by the forensic experts, Yahoo believes an unauthorised third party, in August 2013, stole data associated with more than one billion user accounts.”

Hide Ad
Hide Ad

The company also said it analysis has led it to believe the same state-sponsored hackers were involved in this newly-disclosed attack.

Fortune Magazine reported that “state-sponsored” culprits would include China, Russia and North Korea, which have all engaged in hacking and espionage at US targets in the past.

“Yahoo encourages users to review all of their online accounts for suspicious activity and to change their passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account,” the statement said.

“The company further recommends that users avoid clicking links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information.”

Hide Ad
Hide Ad

The firm, which is currently being taken over by Verizon, said it was continuing to work with law enforcement authorities.

Q&A: Who hacked Yahoo? And why?

Yahoo has revealed one billion users have had data stolen in a cyber attack that took place in 2013.

The technology giant, currently the subject of a takeover by telecoms giant Verizon, said that personal information including names, email addresses and security questions were all accessed by a “third-party”, but no financial information is at risk, which is not stored in the affected system.

• What has Yahoo said happened?

The firm says that it was contacted by law enforcement in November with a large number of data files that hackers had claimed was Yahoo user data. The tech firm said it analysed this data and has now come to the conclusion it is personal information stolen from their system.

Hide Ad
Hide Ad

“Based on further analysis of this data by the forensic experts, we believe an unauthorised third party, in August 2013, stole data associated with more than one billion user accounts,” Yahoo said.

They also claimed they believe the attack is separate to the one it reported in September, which affected around 500 million users and is said to have occurred in 2014. But the incident could have been carried out by the same “state-sponsored actor”.

• How did hackers break in?

The attack was said to have been carried out through the creation of forged “cookies” - pieces of data stored in a user’s browser from websites they visit. They are used so that a website does not require a log-in with each visit. The attackers’ forged cookies enabled them to gain access without passwords, the creation of which is likely related to the theft of Yahoo’s proprietary code.

• How many users in the UK and Ireland have been affected?

Yahoo is yet to disclose a country breakdown how many accounts have been affected. However, the company has a range of services, including email, Tumblr, Flickr and Yahoo Finance, all of which are believed to be at risk. Figures suggest the firm has around one billion active users, though many users have multiple or dormant accounts.

Hide Ad
Hide Ad

So, the figure stated by Yahoo suggests the companies entire user base has been affected, which according to a comScore report from October this year includes more than 32 million people in the UK.

• What are Yahoo users being advised to do?

All Yahoo users are being encouraged to change their passwords and security questions, and to also do so “for any other accounts on which you used the same or similar information used for your Yahoo account”.

“We are notifying potentially affected users and have taken steps to secure their accounts, including requiring users to change their passwords,” Yahoo said.

“We have also invalidated unencrypted security questions and answers so that they cannot be used to access an account.”

The company has also warned users to be cautious of an unsolicited communications that ask for personal information and to avoid clicking links in emails that appear suspicious.

Related topics:North KoreaRussiaChinaIreland