Millions hit by Yahoo Japan hack attack


Post #143631 by DaFoxx
Mon May 20, 2013 11:57 am
Up to 22 million login names may have been stolen during a hack attack on Yahoo Japan.

A file of ID details for about one tenth of its 200 million members was stolen during the attack, it said.

The file did not include all the information needed by attackers to impersonate users.

Despite this, it said it would urge people to change their passwords to thwart attempts to take over Yahoo accounts.

The attack on Yahoo Japan's administration system was spotted late on 16 May, said the company in a statement. When the attack was detected, the tech firm cut net access while it investigated.

The volume of traffic between Yahoo's back end admin system and the wider internet during the attack strongly suggested that a file of 22 million IDs had been stolen.

Yahoo said it did not know for sure that the file had been taken but told AFP it could not "deny the possibility".

The file did not contain passwords or other information that could be used to re-set a password or confirm an identity, it said.

Yahoo Japan, jointly owned by mobile firm Softbank and Yahoo, said it had tightened security measures in the wake of the attack and was investigating to ensure attackers could not repeat the theft. It was also contacting users to tell them to change their login passwords.

Beware of Geeks bearing GIF's :shock:


Re: Millions hit by Yahoo Japan hack attack

Post #143636 by rapier57
Mon May 20, 2013 5:26 pm

So, the investigation will probably lead to an initial spear-phishing attack or other social engineering activity that provided some sensitive or leverage-able credentials. Unfortunately, this is too common and too much attention is paid to technical solutions and too little to simple, social vectors. People will click or reply "just to be on the safe side," when things happen. No amount of security awareness training seems to work.

Mitigations must be in place that nullify the act of clicking on an email link, replying to a fake support email, or clicking on a pop-up that claims your computer is infected. Egress filtering, white-listing and directory services settings can do much of that.

Unfortunately, too much of our effort is spent applying technical solutions to security problems and the human element is ignored. The human element (hacking the human) is the primary weak link in our security tool kit.


See how one can take a news post to promote a favorite stance?

Jayne: Testing. Testing. Captain, can you hear me?
Mal: I'm standing right here.
Jayne: You're coming through good and loud.
Mal: 'Cause I'm standing right here.

