Millions hit by Yahoo Japan hack attack

When you have general news to share - put it HERE (If it's tech related please put in the tech news zone)

Millions hit by Yahoo Japan hack attack

Postby DaFoxx » Mon May 20, 2013 11:57 am
Up to 22 million login names may have been stolen during a hack attack on Yahoo Japan.

A file of ID details for about one tenth of its 200 million members was stolen during the attack, it said.

The file did not include all the information needed by attackers to impersonate users.

Despite this, it said it would urge people to change their passwords to thwart attempts to take over Yahoo accounts.

The attack on Yahoo Japan's administration system was spotted late on 16 May, said the company in a statement. When the attack was detected, the tech firm cut net access while it investigated.

The volume of traffic between Yahoo's back end admin system and the wider internet during the attack strongly suggested that a file of 22 million IDs had been stolen.

Yahoo said it did not know for sure that the file had been taken but told AFP it could not "deny the possibility".

The file did not contain passwords or other information that could be used to re-set a password or confirm an identity, it said.

Yahoo Japan, jointly owned by mobile firm Softbank and Yahoo, said it had tightened security measures in the wake of the attack and was investigating to ensure attackers could not repeat the theft. It was also contacting users to tell them to change their login passwords.
Beware of Geeks bearing GIF's :mrgreen:
User avatar
Posts: 8597
Joined: Sun Dec 25, 2005 1:20 am
Location: 3rd Rock from the Sun

Re: Millions hit by Yahoo Japan hack attack

Postby rapier57 » Mon May 20, 2013 5:26 pm

So, the investigation will probably lead to an initial spear-phishing attack or other social engineering activity that provided some sensitive or leverage-able credentials. Unfortunately, this is too common and too much attention is paid to technical solutions and too little to simple, social vectors. People will click or reply "just to be on the safe side," when things happen. No amount of security awareness training seems to work.

Mitigations must be in place that nullify the act of clicking on an email link, replying to a fake support email, or clicking on a pop-up that claims your computer is infected. Egress filtering, white-listing and directory services settings can do much of that.

Unfortunately, too much of our effort is spent applying technical solutions to security problems and the human element is ignored. The human element (hacking the human) is the primary weak link in our security tool kit.


See how one can take a news post to promote a favorite stance?

Jayne: Testing. Testing. Captain, can you hear me?
Mal: I'm standing right here.
Jayne: You're coming through good and loud.
Mal: 'Cause I'm standing right here.

User avatar
I've posted HOW many
Posts: 3132
Joined: Thu Mar 02, 2006 10:43 pm
Location: Spokane, WA USA

Return to News Room

Who is online

Users browsing this forum: No registered users and 26 guests