Yahoo hacked in late 2014 – Breach detected in 2016

25 September 2016

In August 2016, a hacker offered 200 Million Yahoo Accounts for sale on the Darknet. In a first investigation, Yahoo found no evidence for this assertion. But the investigation team found indications for a data breach which happened in 2014.

Last Thursday, Yahoo announced that account information of 500 Million users was stolen in late 2014. The good news is that the company found no evidence that the attackers are still active in their network. And that only names, email addresses, phone numbers, birth dates, encrypted passwords, and, in some cases, security questions and answers were stolen.

That is bad enough, especially because reuse of account information like security questions and answers is a widespread bad habit. Yahoo users are well advised to change their security questions wherever they have reused them.

But what really worries me is that it took about 600 days before the breach was detected. That is far more than the MTTI (Mean Time to Identify) of 206 days the Ponemon Institute estimated in the ‘2015 Cost of Data Breach Study:  Global Analysis’. And more than the max. value of 582 days.

One can only speculate whether indicators of compromise were non-existent or ignored or not recorded or not regularly reviewed. Regular review of event and incident data is a really tough job, but essential if it comes to the assessment of indicators of compromise.

Have a good week.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s