{"id":1050,"date":"2017-10-05T12:19:03","date_gmt":"2017-10-05T16:19:03","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=1050"},"modified":"2018-02-23T11:32:15","modified_gmt":"2018-02-23T15:32:15","slug":"yahoo-breach-round-three","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/","title":{"rendered":"Yahoo-oops! All 3 Billion Yahoo Users Were Exposed in 2013 Breach"},"content":{"rendered":"

\"\"In\u00a0a filing\u00a0with the US Securities Exchange Commission (SEC) on Tuesday, former Google competitor Yahoo! has revealed that all three billion of its users were compromised in the 2013 data breach first disclosed by the company in 2016.<\/p>\n

This marks the second revision to Yahoo!<\/em>‘s breach numbers. When Yahoo! first reported the hack, it put data casualties at the 500 million<\/a> mark. The company then revised that amount to a cool one billion<\/a> just two months later\u2014at the time the largest data breach ever reported.<\/p>\n

Yahoo! <\/i>is\u00a0now owned by Verizon, under the\u00a0Oath\u00a0brand, following a 2016 takeover in which the telecom co. paid over $4B for the faltering search biz.<\/p>\n

In a brief statement<\/a>, Oath said that it had “recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts,” that the breach was much bigger than it initially admitted. In fact, “all Yahoo user accounts were affected by the August 2013 theft.”<\/p>\n

Stolen user account information included names, email addresses, phone numbers, dates of birth, MD5 hashed passwords, and even encrypted security questions and answers. Luckily, hackers were unable to access payment card data.<\/p>\n

\t\t\t

\"Download<\/a><\/p>\n<\/div>\n\t\t<\/div><\/div> While many of the stolen passwords were\u00a0bcrypt hashed, and thus well protected, affected users are strongly encouraged users to change their passwords, security questions and answers for Yahoo accounts and any other accounts that use the same or similar passwords and security questions.\u00a0Yahoo is sending email notifications to the additional 2 billion (!!!)<\/em> affected user accounts.<\/p>\n

In March<\/a>, American prosecutors indicted four men they say were responsible for the hack\u2014\u00a0two agents of the Russian Federal Security Service (FSB) and two civilian hackers.\u00a0The DoJ alleges that FSB officers Dimitry Dokuchaev and Igor Sushchin \u201cprotected, directed, facilitated and paid\u201d criminal hackers Alexsy Belan and Karim Baratov for the undertaking of massive hacking operation that stretched from 2014 to late 2016. So far Karim Baratov, a Kazakh national and resident of Canada, is the only one of the four accused hackers arrested in connection with the case. He is\u00a0now in a US jail\u00a0awaiting trial.<\/p>\n

\n

Yahoo!<\/em>\u00a0has also been held accountable for the hack\u2014sorta. The company had to knock about $350M off its price tag when selling to Verizon, down from $4.8B to roughly $4.5B. That’s something, I guess. Former CEO Marissa Meyer also lost her job but walked away with a $55M golden parachute,\u00a0so yeah, not that bad.<\/p>\n

The new information begs the question\u2014why did it take four years to figure out the full extent of the breach? And why did Yahoo!\u00a0<\/em>take so long to notify its users in the first place? And why is that exclamation point in\u00a0italics<\/em>? Unfortunately, until we get in the habit of holding corporations accountable for inadequate security, the world may never know.<\/p>\n","protected":false},"excerpt":{"rendered":"

In\u00a0a filing\u00a0with the US Securities Exchange Commission (SEC) on Tuesday, former Google competitor Yahoo! has revealed that all three billion of its users were compromised in the 2013 data breach first disclosed by the company in 2016. This marks the second revision to Yahoo!‘s breach numbers. When Yahoo! first reported the hack, it put data […]<\/p>\n","protected":false},"author":24,"featured_media":645,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1,3],"tags":[398,338,112,449,450,448],"acf":[],"yoast_head":"\nYahoo-oops! All 3 Billion Yahoo Users Were Exposed in 2013 Breach<\/title>\n<meta name=\"description\" content=\"Why didn't we hear about this the first time around?\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Yahoo-oops! All 3 Billion Yahoo Users Were Exposed in 2013 Breach\" \/>\n<meta property=\"og:description\" content=\"Why didn't we hear about this the first time around?\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions & Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2017-10-05T16:19:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-02-23T15:32:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/10\/yahoo-data-breach.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"350\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jeff Edwards\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Edwards\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/\",\"name\":\"Yahoo-oops! All 3 Billion Yahoo Users Were Exposed in 2013 Breach\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/10\/yahoo-data-breach.jpg\",\"datePublished\":\"2017-10-05T16:19:03+00:00\",\"dateModified\":\"2018-02-23T15:32:15+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6\"},\"description\":\"Why didn't we hear about this the first time around?\u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/10\/yahoo-data-breach.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/10\/yahoo-data-breach.jpg\",\"width\":800,\"height\":350,\"caption\":\"yahoo data breach victims allowed to sue judge rules\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Yahoo-oops! All 3 Billion Yahoo Users Were Exposed in 2013 Breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions & Vendors\",\"description\":\"Buyer's Guide and Best Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6\",\"name\":\"Jeff Edwards\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g\",\"caption\":\"Jeff Edwards\"},\"description\":\"Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.\",\"sameAs\":[\"https:\/\/solutionsreview.com\",\"https:\/\/x.com\/InfoSec_Review\"],\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/jedwards\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Yahoo-oops! All 3 Billion Yahoo Users Were Exposed in 2013 Breach","description":"Why didn't we hear about this the first time around?\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/","og_locale":"en_US","og_type":"article","og_title":"Yahoo-oops! All 3 Billion Yahoo Users Were Exposed in 2013 Breach","og_description":"Why didn't we hear about this the first time around?\u00a0","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions & Vendors","article_published_time":"2017-10-05T16:19:03+00:00","article_modified_time":"2018-02-23T15:32:15+00:00","og_image":[{"width":800,"height":350,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/10\/yahoo-data-breach.jpg","type":"image\/jpeg"}],"author":"Jeff Edwards","twitter_misc":{"Written by":"Jeff Edwards","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/","name":"Yahoo-oops! All 3 Billion Yahoo Users Were Exposed in 2013 Breach","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/10\/yahoo-data-breach.jpg","datePublished":"2017-10-05T16:19:03+00:00","dateModified":"2018-02-23T15:32:15+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6"},"description":"Why didn't we hear about this the first time around?\u00a0","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/10\/yahoo-data-breach.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2016\/10\/yahoo-data-breach.jpg","width":800,"height":350,"caption":"yahoo data breach victims allowed to sue judge rules"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/yahoo-breach-round-three\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"Yahoo-oops! All 3 Billion Yahoo Users Were Exposed in 2013 Breach"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions & Vendors","description":"Buyer's Guide and Best Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6","name":"Jeff Edwards","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g","caption":"Jeff Edwards"},"description":"Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.","sameAs":["https:\/\/solutionsreview.com","https:\/\/x.com\/InfoSec_Review"],"url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/jedwards\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/1050"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=1050"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/1050\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/645"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=1050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=1050"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=1050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}