Yahoo has just announced that it has discovered a serious attack on its systems. The incident took place around late 2014 and exposed information from at least 500 million user accounts. The company believes it was attacked by "a state-sponsored actor". The leaked information includes names, email addresses, phone numbers, dates of birth, hashed passwords and, in some cases, security questions along with their answers (meaning they could be exploited to reset passwords and take over accounts).
The company added that the hack did not expose plaintext passwords, credit card information or bank account details.
The breach came to light when a hacker offered the information of 200 million Yahoo user accounts for sale online this past August. Yahoo then began investigating and arrived at the findings announced today. The company is now working with law enforcement agencies to investigate further. Yahoo did not say why it believes it was attacked by government-sponsored hackers.
Either way, this is a very serious incident, especially as Yahoo has just been acquired by Verizon for USD 4.83 billion, and according to Recode the deal may be affected, at least to some degree, by the hack.
Big email hack doesn't exactly send the message Yahoo needed
SAN FRANCISCO —
Yahoo has been struggling for years to keep people coming back to its digital
services such as email. That challenge just got more daunting after hackers
stole sensitive information from at least 500 million accounts.
The startling breach
disclosed Thursday is believed to be the largest to hit a single
email provider. The security breakdown risks magnifying Yahoo's preexisting
problems — specifically, that it is losing users, traffic and the advertising
revenue that follows both, to rivals such as Google and Facebook.
Some snarky online
commentators quipped that the hack would have been far more devastating if
people actually still used the company's services. While there's some truth to
that observation, millions around the world still rely on Yahoo mail and other
services, and are now potentially at risk of identity theft or worse.
LOSING USERS
And if these people
give up on Yahoo as a result, the consequences for the company itself — now
scheduled to become part of Verizon as soon as its $4.8 billion deal closes —
could also be dire. "Yahoo may very well be facing an existential
crisis," said Corey Williams, senior director of products and marketing at
the computer security firm Centrify.
Yahoo was already
facing a steep decline in email traffic, despite CEO Marissa Mayer's efforts to
upgrade the service in order to foster more user loyalty. In July, 161 million
people worldwide used Yahoo email on personal computers, a 30 per cent decline
from the same time in 2014, when the breach first occurred. That's according to
the latest data from the research firm comScore. By contrast, Google's rival
Gmail service saw desktop users rise 9 per cent to nearly 429 million over the
same period.
The email breach
raises questions about Yahoo's ability to maintain secure and effective
services, particularly since it's been laying off staff and trimming expenses
to counter a steep drop in revenue over the past eight years.
At the time of the
break-in, Yahoo's security team was led by Alex Stamos, a respected industry
executive who left last year to take a similar job at Facebook.
ONCE MORE UNTO THE BREACH
Yahoo didn't explain
what took so long to uncover a heist that it blamed on a "state-sponsored
actor" — parlance for a hacker working on behalf of a foreign government.
The Sunnyvale,
California, company declined to explain how it reached its conclusions about
the attack for security reasons, but said it is working with the FBI and other
law enforcement. Yahoo began investigating a possible breach in July, around
the time the tech site Motherboard reported that a hacker who uses the name
"Peace" was trying to sell account information belonging to 200
million Yahoo users.
Yahoo didn't find
evidence of that reported hack, but additional digging later uncovered a far
larger, allegedly state-sponsored attack.
"We take these
types of breaches very seriously and will determine how this occurred and who
is responsible," the FBI said in a Thursday statement.
MOST ACCOUNTS EVER STOLEN
The Yahoo theft
represents the most accounts ever stolen from a single email provider, according
to computer security analyst Avivah Litan with the technology research firm
Gartner Inc.
"It's a
shocking number," Litan said. "This is a pretty big deal that is
probably going to cost them tens of millions of dollars. Regulators and lawyers
are going to have a field day with this one."
Yahoo says it has
more than 1 billion monthly users, although it hasn't disclosed how many of
those people have email accounts.
The data stolen from
Yahoo includes users' names, email addresses, telephone numbers, birth dates,
scrambled passwords, and the security questions — and answers — used to verify
an accountholder's identity. The company said the attacker didn't get any
information about its users' bank accounts or credit and debit cards.
Security experts say
the Yahoo theft could hurt the affected users if their personal information is
mined to break into other online services or used for identity theft. All
affected users will be notified about the theft and advised how to protect
themselves, according to the company.
Yahoo also is
recommending that all users change their passwords if they haven't done so
since 2014. If the same password is used to access other sites, it should be
changed too, as should any security questions similar to those used on Yahoo.
THE VERIZON IMPACT
News of the security
lapse could cause some people to have second thoughts about relying on Yahoo's
services, raising a prickly issue for the company as it tries to sell its
digital operations to Verizon.
That deal, announced
two months ago, isn't supposed to close until early next year. That leaves
Verizon with wiggle room to renegotiate the purchase price or even back out if
it believes the security breach will harm Yahoo's business. That could happen if
users shun Yahoo or file lawsuits because they're incensed by the theft of
their personal information.
Verizon said it
still doesn't know enough about the Yahoo break-in to assess the potential
consequences. "We will evaluate as the investigation continues through the
lens of overall Verizon interests, including consumers, customers, shareholders
and related communities," the company said in a statement.
DELAY OF SALE?
At the very least,
Verizon is going to need more time to assess what it will be getting into if it
proceeds with its plans to take over Yahoo, said Scott Vernick, an attorney
specializing in data security for the law firm Fox Rothschild.
"This is going
to slow things down. There is going to be a lot of blood, sweat and tears shed
on this," Vernick said. "A buyer needs to understand the cybersecurity
strengths and weaknesses of its target these days."
Michael Liedtke, The
Associated Press