Yahoo was hacked. Again. They disclosed in a statement that hackers gained access to information from over one billion accounts. Yahoo users are now being forced to change their passwords immediately, due to a hack discovered that had taken place in August of 2013.
The true problem with this is that they could not clearly determine the way they obtained access to the information such as “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers” according to Bob Lord, Yahoo’s chief information security officer.
Yahoo did not discover this hack. Law enforcement agencies discovered the breach and was able to determine what data was taken thanks to outside forensic experts.
Also, Yahoo also announced today that its proprietary code had been accessed by a hacker, who used the code to forge cookies that could be used to access accounts without a password. “The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies,” Lord said, adding that he believed the attack was launched by a state-sponsored actor.
The ramifications of this are profound, especially in light of recent news that there appears to be a mounting trail of evidence suggesting that Vladimir Putin orchestrated a concerted, systematic hacking of the United States election process with the goal of influencing the outcome of not only the presidential election, but various senate races as well.
The hacking of Yahoo may have much broader implications than just Verizon’s intent to buy Yahoo. Verison might be rethinking things now, but what if this hacking is part of a much bigger picture? Watch this space.