NMCS

 Yahoo! Data Breach Settlement 


Yahoo, an American web service provider, was one of the pioneers of the early internet era in the 1990s. Yahoo! was the most widely read news and media website, with over 7 billion views per month, ranking as the sixth-most-visited website globally in 2016.

Yahoo, as an internet service company, also disclosed two major breaches of user account data to hackers. The first breach took place in 2013 and then in 2014 but was reported in September 2016; it affected more than 500 million Yahoo! user accounts. Another data breach, which happened in August 2013, was also reported in September 2016. It was initially believed to have affected over 1 billion user accounts, but Yahoo! later affirmed in October 2017 that all 3 billion of its user accounts were impacted, including about one billion accounts in the US and Israel. Both breaches are considered the largest discovered in the history of the Internet. The material taken includes names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords. Further, Yahoo! reported that the late 2014 breach likely used manufactured web cookies to falsify login credentials, allowing hackers to gain access to any account without a password.

Yahoo! has been criticised for its security measures and for irresponsibility over the late confirmation of the two major breaches, which led it to face several lawsuits as well as a strict investigation by the United States Congress. In a previously unrevealed discovery in July 2016, around 200 million Yahoo! account names and passwords were offered for sale on the darknet market site "TheRealDeal". The seller confirmed that he had held the data for a while and had been selling it privately since about late 2015. Yahoo! stated that it was aware of the data and was evaluating it, cautioning users about the situation, but it did not reset account passwords at that time.
The late 2014 breach was publicly reported on September 22, 2016. In its November 2016 SEC filing, Yahoo! reported that it had been aware of certain intrusions related to the 2014 data breach but had not understood them very well until a proper investigation was held in 2016. The 2016 SEC filing also noted that the company believed the breach took place through a cookie-based attack, which allowed hackers to authenticate as any other user without their password. Later, in 2017, Yahoo! stated that 32 million accounts were accessed through this cookie-based attack. Multiple experts involved in the investigation considered this the largest data breach worldwide in the history of the Internet. The August 2013 data breach was revealed to be a separate breach from the 2014 one and was conducted by an unauthorised third party. Yahoo! reported this breach on December 14, 2016, when it forced all affected users to change their passwords and re-enter any unencrypted security questions and answers so that they would be encrypted in the future.

Yahoo tries to settle 3-billion-account data breach with $118 million payout. As in any other settlement, Yahoo! did the same. The parties agreed upon a settlement that would require Yahoo! to pay $117.5 million. At first they agreed to a settlement of $50 million plus attorneys' fees and other expenses, but the US district judge rejected it. If you had a Yahoo premium account or used small business services, you are entitled to some reimbursement, Yahoo added. Yahoo! and the plaintiffs then filed their new settlement in US district court. The settlement and the judge's review went like this: "Following the Court's denial of [the first proposed settlement], the Parties immediately set about addressing the issues the Court identified, re-engineering the resolution of this case," the new proposal says.
"The Amended Settlement Agreement not only provides the biggest common fund ever obtained in a data breach case ($117,500,000.00), it materially moves the benchmarks on: The individual claim cap ($25,000), the amount of lost time that can be reimbursed (15 hours), the minimum rate at which such time is compensated ($25.00/hour), and alternative compensation for those already having credit monitoring ($100, up to full retail value of $358.80)." Yahoo is now offering two free years of credit-monitoring services to those with accounts that were affected by any of the breaches.
