Tag: yahoo

US about to arrest Yahoo hackers

US Justice Department officials are expected to announce arrests of suspects in at least one of a series of hacking attacks on Yahoo.

The accused men live in Russia and Canada, the source said, with the Canadian far more likely to be forced across the border to face arrest. Russia has no extradition treaty with the United States and Tsar Putin is expected to be a big fan of whoever hacked Yahoo.

It could not immediately be learned whether the group was suspected in the hacking of data about one billion Yahoo users, or a separate hack of 500 million email accounts.

The indictments were first reported by Bloomberg News. The two largest hacks, and Yahoo’s much-criticised slow response and disclosure, forced a discount of $350 million in what had been a $4.83 billion deal to sell Yahoo’s main assets to Verizon Communications.

Marissa Mayer to get a $23 million “golden parachute”

Yahoo is giving its CEO Marissa Mayer a $23 million “golden parachute” and $3 million in cold hard cash in the hope that she might go away with the least amount of fuss.

The search engine has named Thomas McInerney, a former chief financial officer of IAC, as the bearer of the Yahoo poisoned chalice once the merger with Verizon becomes official.

Yahoo said that after it completes the sale of its core search business to Verizon, Mayer and co-founder David Filo will step down as board members of Altaba – the new name for the remaining holdings.

Mayer’s golden parachute, the large payment top executives receive if they lose their position because of a deal, would include $19.97 million in equity and more than $3 million in cash, according to a regulatory filing.

It would kick in if there is a change in control, as will be the case in the deal, and she is terminated “without cause” or “leaves for good reason” within a year.

There cannot be many people who would be upset at getting $26 million not to go to work.

Marissa Mayer gives her bonus to staff

Yahoo CEO Marissa Mayer announced today via her Tumblr page that she will be redistributing her annual bonus and equity stock grant to Yahoo employees to make up for two security hacks which thumped the company.

An independent committee Yahoo brought on to investigate the hacks found the company to be at fault for not sufficiently responding to the security incidents.

The committee said that while significant additional security measures were implemented in response to those incidents, it appears certain senior executives did not properly comprehend or investigate, or act on information provided internally by the company’s information security team. Because of the hacks, Yahoo’s top lawyer, Ron Bell, was fired.

Mayer has accumulated about $162 million during the five years she’s spent as the company’s CEO in both salary and stock awards. She’s also due about $55 million in severance if she decides to leave the company following its acquisition by Verizon.

While it is nice that Mayer is giving her cash to the employees, most of the victims of the security fiasco were customers and users, who are no doubt organising a class action as we write.

Yahoo being investigated for handling of data breaches

The troubled search engine outfit Yahoo is being investigated by Inspector Knacker of the US yard and financial regulators over its handling of two huge data breaches.

Yahoo was hacked in 2014 and huge amounts of personal data were stolen. Yahoo, which was a little concerned about more publicity, failed to make the news public.

Now the FBI is looking into whether Yahoo’s two massive data breaches should have been reported sooner to investors. If Yahoo faces any fall-out from the case then it could be a major test in defining when a company is required to disclose a hack.

For those who came in late, the first data breach, in 2013, involved more than one billion users’ accounts. The second was in 2014, an intrusion which involved about 500 million accounts. The SEC has requested documents from Yahoo.

The agency has been considering a model case for cybersecurity rules it issued in 2011. Yahoo has said that it was cooperating with the SEC, Federal Trade Commission and other federal, state, and foreign governmental officials and agencies including “several State Attorneys General, and the U.S. Attorney’s office for the Southern District of New York”.

When Yahoo reported the 2014 breach, it said that evidence linked it to a state-sponsored attacker. It has not announced who it suspects was responsible for the larger 2013 intrusion, but the company has said it does not believe the two breaches are linked.

Yahoo gone, Mayer to quit

Yahoo is to rename itself Altaba and Chief Executive Officer Marissa Mayer will quit after the closing of its deal with Verizon.

Yahoo has a deal to sell its core internet business, which includes its digital advertising, email and media assets, to Verizon for $4.83 billion.

Five other Yahoo directors would also clean out their desks after the deal closes, Yahoo told regulators. The new company also named Eric Brandt chairman of the board.

The remaining directors will govern Altaba, a holding company whose primary assets will be a 15 percent stake in Chinese e-commerce company Alibaba and 35.5 percent stake in Yahoo Japan.

The terms of that deal could be amended – or the transaction may even be called off – after Yahoo last year disclosed two separate data breaches: one involving some 500 million customer accounts and the second involving over a billion.

Verizon executives have said that while they see a strong strategic fit with Yahoo, they are still investigating the data breaches.

 

Verizon getting cold feet about Yahoo

Telco Verizon, which was thinking about buying the troubled search engine outfit Yahoo, is getting cold feet.

The deal was all set to go through and then Yahoo was hit by a couple of security scandals including a suppressed data leak which stripped value from the company.

Marni Walden, president of product innovation and new businesses and a senior executive of Verizon, said that she could not “sit here today and say with confidence one way or another because we still don’t know.”

If it wants to get out of the deal, Verizon likely will have to show the overall value of Yahoo has declined as a result of the two hacking disclosures.

“I have to have certain facts in order to be able to make a decision. There’s a lot of stuff we don’t know.”

If only there was a good search engine where you could look up the information you need on that Internet thingee.

Yahoo hacked again

Yahoo has said that it was hacked again and data from more than a billion user accounts was nicked.

Apparently the attack happened in August 2013, making it the largest breach in history and we just found out about it.

The number of affected accounts was double the number implicated in a 2014 breach that the internet company disclosed in September and blamed on hackers working on behalf of a government. News of that attack, which affected at least 500 million accounts, prompted Verizon Communications Inc to say in October that it might withdraw from an agreement to buy Yahoo’s core internet business for $4.83 billion.

Verizon said about the latest attack that it would be reviewing the impact of this new development before reaching any final conclusions.

A Yahoo spokesman said the company has been in communication with Verizon during its investigation into the breach and that it is confident the incident will not affect the pending acquisition.

A spokesYahoo added it believes hackers responsible for the previous breach had also accessed the company’s proprietary code to learn how to forge “cookies” that would allow hackers to access an account without a password.

However some analysts have said that the company has screwed up and was found not to have been taking security seriously enough.

Yahoo said it had not yet identified the intrusion that led to the massive data theft and noted that payment-card data and bank account information were not stored in the system the company believes was affected.

Yahoo said it discovered the breach while reviewing data provided to the company by law enforcement. FireEye Inc’s Mandiant unit and Aon Plc’s Stroz Friedberg are assisting in the investigation, the Yahoo spokesman told Reuters.

 

Big Tech reacts in horror to Yahoo’s spying story

After the news got out that Yahoo has been scanning its mail systems for the US spooks, the bigger US ISPs have reacted in horror and said they would never dream of such a thing.

Apple, Facebook, Google, Microsoft, and Twitter have all said they would never do such a thing.

According to Reuters, in 2015 Yahoo built, at the US government’s request, software that scans literally all emails for certain information provided by either the National Security Agency or the FBI. The software was never mentioned in Yahoo’s biannual transparency report. In the latter half of 2015, the company received 4,460 total government data requests, for 9,373 accounts, that it would classify as “Government Data Requests,” a category that includes National Security Letters from the FBI and Foreign Intelligence Surveillance Act requests.

According to the Reuters report, the Yahoo programme was known to only a handful of employees.

A Facebook representative said “Facebook has never received a request like the one described in these news reports from any government, and if we did we would fight it.”

Google said the same: “We’ve never received such a request, but if we did, our response would be simple: ‘no way.’”

A Microsoft spokesperson added: “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.”

A representative for Twitter replied that: “We’ve never received a request like this, and were we to receive it we’d challenge it in a court. Separately, while federal law prohibits companies from being able to share information about certain types of national security related requests, we are currently suing the Justice Department for the ability to disclose more information about government requests.”

While Apple declined to give a statement on the record it has previously said it would never do anything like that.

Yahoo is coming out looking like the bad guy. It is in talks to be acquired by Verizon, but also facing another scandal for suffering the largest known user data leak in history, with 500 million users’ information exposed. However it failed to mention it to its users.

Yahoo called out on “state sponsored hack”

Troubled search outfit Yahoo has been called out over its claim that it was the victim of a state sponsored hacker in 2014.

Yahoo got into all sorts of hot water after it was revealed that it had been hacked a while ago and forgot to tell anyone. It appeared to make matters worse by implying that it was not a regular common garden hack that brought its security to its knees but one of those government hacks which are impossible to stop.

According to InfoArmor, which claims to have some of the stolen information, the hack was carried out by a bunch of hackers whose main clients are spammers: “Group E,” a team of five professional hackers believed to be from Eastern Europe and not backed by any government at all.

Andrew Komarov, InfoArmor’s chief intelligence officer, claimed that Group E was behind high-profile breaches at LinkedIn, Dropbox and Tumblr. To sell that information, the team has used other hackers, such as Tessa88 and peace_of_mind, to offer the stolen goods on the digital black market.

“The group is really unique,” Komarov said. “They’re responsible for the largest hacks in history, in terms of users affected.”

InfoArmor’s claims dispute Yahoo’s contention that a “state-sponsored actor” was behind the data breach, in which information from 500 million user accounts was stolen. Some security experts have been skeptical of Yahoo’s claim and wonder why the company isn’t offering more details.

The database that InfoArmor has contains only “millions” of accounts, but it includes the users’ login IDs, hashed passwords, mobile phone numbers and zip codes, Komarov said.

The security firm says it obtained the data from “operative sources” about a week ago and has verified that the account information is real. Komarov wouldn’t say more about how InfoArmor got the data.

Group E has sold the stolen Yahoo database in three private deals, Komarov said. At one point, the Yahoo database was sold for at least $300,000, he said. His firm has been monitoring the group’s activities for more than three years.

 

Yahoo’s hack spinning is not working

Troubled search engine outfit Yahoo is getting itself deeper and deeper into hot water over the hacking scandal.

For those who came in late, Yahoo suffered a major hack which affected 500 million users; however, for some reason it forgot to tell people about it for years.

The outfit’s latest trick is to blame its massive data breach on a “state-sponsored actor”; however, it has not explained how it arrived at that conclusion. Nor has it provided any evidence.

Security analysts think that Yahoo is not telling the full truth about the hack. The company has protocols in place that can detect state-sponsored hacking into user accounts. In a December 2015 blog post, the company outlined its policy, saying it will warn users when this is suspected.

Yahoo blaming foreigners is pure spin. There is a perception that while companies can handle ordinary hackers it is unfair to expect them to be able to take on “state hackers.”

In fact, it is pretty likely it was your run-of-the-mill common-garden hacker who took down Yahoo.

National spooks are more interested in state secrets; they don’t really care about emails and passwords from a Yahoo account.

What is also likely is that Yahoo is not talking about the hack because Verizon has agreed to pay $4.8 billion to buy Yahoo. Verizon might be less keen on buying the company if it knows it has to fork out to buy a mess and then clean it up.

Yahoo said it only recently learned of the data breach. But the hack actually occurred back in late 2014 — meaning the perpetrators had two years to secretly exploit the data. This has got them in trouble with the US government, which feels they should have declared it sooner.