September 30, 2016
The massive data breach that Yahoo! confirmed to the world last week is claimed by the company to have been carried out by a “state-sponsored actor” in 2014, which exposed the accounts of at least 500 Million Yahoo users.
But, now it seems that Yahoo has downplayed a mega data breach and triying to hide it’s own security blunder.
Recently the information security firm InfoArmor that analyzed the data breach refuted the Yahoo’s claim, stating that the data breach was the work of seasoned cyber criminals who later sold the compromised Yahoo accounts to an Eastern European nation-state.
Now, there’s one more twist in the unprecedented data heist.
A recent advancement in the report indicates that the number of affected Yahoo accounts may be between 1 Billion and 3 Billion.
An unnamed, former Yahoo executive who is familiar with the company’s security says that the Yahoo’s back-end system’s architecture is designed in such a way that all of its products use one main user database (UDB) to authenticate users, Business Insider reported Friday.
So all usernames and passwords that users enter to log into services like Yahoo Mail, Sports or Finance goes to this one central database to ensure they are valid, allowing them access.
This central database is what got compromised, and therefore, it’s quite difficult to believe that the hackers who compromised the whole database walk away with just a small bunch of “the core crown jewels of Yahoo customer credentials.”
Whoever carried out the hack not only stole usernames and email addresses of affected users but also pilfered other personal information, including their dates of birth, phone numbers, hashed passwords, and unencrypted security answers.