CALL US 1800-399-2000

Uzado's Blog

The Latest Cybersecurity News and Advice... All Available Here!


The Yahoo Data Breach:  What happened?

Why_You_Need_a_Risk-Based_Approach_to_Vulnerability_Remediation.jpg

You’ve probably heard by now that Yahoo’s data breach in 2013 wasn’t contained to include only 1 billion users (which would’ve been bad enough), but instead, affected EVERY Yahoo account – totaling 3 billion user accounts!

Here’s what happened:

Back in 2013, Alexsey Belan – a Russian hacker – was indicted in Nevada and California for computer intrusions to three American e-commerce companies, but had landed in Russia before being arrested. Russia and the U.S. do not share an extradition treaty, so Belan was able to stay in Russia without concern of the charges laid in the U.S. Instead, according to Bloomberg Technology, Russia’s Federal Security Service (FSB) enlisted Belan and Karim Baratov (a second hacker from Canada) to help the agency hack into American Internet companies.

CSO Online explained that the hack came from a single user in Yahoo’s corporate office. The employee was sent a spear-phishing email with a link, which as soon as they clicked on it, it downloaded malware on the network. Once Belan gained access to the network, he created a back door on a Yahoo server, giving him additional access to the internal control center for Yahoo email accounts – the tool that Yahoo used to administer changes to accounts, like new passwords. Belan, then, copied and exported a backup of Yahoo’s User Database; which he used to gain personal details of all account holders.

Bloomberg Technology said: “The hackers then used the database to forge credentials, tricking Yahoo servers into recognizing them as an account holder who had essentially stayed logged in. The maneuver, appetizingly called "cookie minting," allowed them to read the contents of some 6,500 Yahoo accounts without even needing a password or username.” From there, the FSB targeted specific users, based on their names or the domain of their recovery emails.

It was later discovered that the FSB chose to target several Russian journalists, employees of a Russian cybersecurity company, and officials, even someone described as a physical training expert working in the Ministry of Sports. (The Justice Department did not release names of victims, only general descriptions.) They also included 14 employees of a Swiss bitcoin banking firm, a Nevada gaming official, a senior officer of a major U.S. airline, a Shanghai-based managing director of a U.S. private equity firm, and the chief technology officer of a French transportation company.

Once the hackers decided to focus on a specific target, they would identify spouses and children and continuously send them malware-laden emails to capture more personal information. Baratov’s specialty was crafting phishing emails, which would lure victims to give more personal information.

CSO Online said: “So clinical was the attack that when Yahoo first approached the FBI in 2014, it went with worries that 26 accounts had been targeted by hackers. It wasn't until late August 2016 that the full scale of the breach began to become apparent and the FBI investigation significantly stepped up. In December 2016, Yahoo went public with details of the breach and advised hundreds of millions of users to change their passwords.”

What can you do?

First thing’s first – CHANGE YOUR PASSWORD. Another tool that will help protect your systems, is to use strong firewalls and anti-virus programs. Lastly, use encryption tools while transferring files. Email is not secure. If unencrypted, emails could potentially be read by hackers. It’s often difficult to identify Phishing Scams – when a hacker disguises themselves, to try to steal information – especially since phishing scams are starting to appear as legitimate businesses (i.e. the Apple Store sending receipts from iTunes and Financial Institutions sending you information about your account, even though you don’t bank with them). Uzado offers “Secure File Transfer” systems specifically for this reason. To learn more, read ourblog, 5 steps to basic vulnerability and remediation management.

New Call-to-action

SHARE THIS STORY | |

Search

Subscribe to Email Updates