Freitag, 23. September 2016

Ein "state-sponsored actor" spioniert 500 Millionen Email-Kontakte aus

Der Bloginhaber benutzt als Email-Postfach einen Yahoo-Account. Interessant, was ihm Yahoo heute, am 23.9.2016, so mitteilt:
Ihr Account ist möglicherweise von einem Sicherheitsproblem betroffen. Hier erfahren Sie mehr zu dem Problem und wie Sie Ihren Account besser schützen können.
Überwachungskameras
Fotograf: Dirk Ingo Franke
Und dann:
Account Security Issue FAQs. We have confirmed, based on a recent investigation, that a copy of certain user account information was stolen from our network in late 2014 by what we believe is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.
Und weiter:
We are working closely with law enforcement authorities and notifying potentially affected users of ways they can further secure their accounts. We are notifying potentially affected users by email and posting additional information to our website. Additionally, we are asking potentially affected users to promptly change their passwords and adopt alternate means of account verification. The ongoing investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network.
So, man hat also sein Passwort geändert. Und nun? Ist der "state-sponsored actor" draußen? Die Meldung hiervon geht heute auch durch die Presse (CNN):
"The FBI is aware of the intrusion and investigating the matter," an FBI spokesperson said. "We take these types of breaches very seriously and will determine how this occurred and who is responsible. We will continue to work with the private sector and share information so they can safeguard their systems against the actions of persistent cyber criminals." A large-scale data breach was first rumored in August when a hacker who goes by the name of "Peace" claimed to be selling data from 200 million Yahoo users online. The same hacker has previously claimed to sell stolen accounts from LinkedIn (LNKD, Tech30) and MySpace. Yahoo originally said it was "aware of a claim" and was investigating the situation. Nearly two months later, it turns out the situation is even worse. "This is massive," said cybersecurity expert Per Thorsheim on the scale of the hack. "It will cause ripples online for years to come."
Und (ABCNews):
Yahoo did not immediately respond to ABC News' request for comment on why users were finding out about the attack approximately two years after the fact. It wasn't clear whether users were vulnerable during that 2-year period. (...) News of the hack comes two months after the company announced that it would be sold to Verizon for about $4.83 billion. That deal has not yet closed.

Keine Kommentare:

Kommentar veröffentlichen