Yahoo email breach may have big Atlanta impact

Tech giant took over bellsouth.net domain years ago.


At least a half billion Yahoo user accounts have been compromised, the internet giant said Thursday, in what is likely the largest breach by cyber criminals in U.S. history.

The Yahoo breach, disclosed Thursday but dating to late 2014, is believed to be the work of a “state-sponsored actor,” Yahoo said. It’s also the latest hit to a beleaguered company that was once a darling of Silicon Valley.

The scope of the breach could be quite large in the Southeast, and in Georgia in particular. Yahoo took over management of email for many customers with bellsouth.net addresses years ago, after AT&T acquired Atlanta-based Bellsouth.

A Yahoo spokeswoman declined to comment on the breach beyond a company statement.

Yahoo said it is working with law enforcement to investigate the breach.

Paul Stephens, director of policy and advocacy at Privacy Rights Clearinghouse, told The Atlanta Journal-Constitution the breach of at least 500 million accounts ranks as the largest his organization has seen.

The stolen data includes users’ names, email addresses, telephone numbers, birth dates, hashed passwords, and the security questions — and answers — used to verify an account-holder’s identity.

Many consumers who transact with numerous merchants, email systems and other secure websites, use common user names and password combinations. It’s mainly out of convenience to jog foggy memories, but it can leave people vulnerable to security lapses.

Yahoo and security experts recommend that users change their passwords if they haven’t done so since 2014.

Stephens said consumers will also want to change any common passwords and security questions and answers they use on Yahoo and across other sites, as criminals may now have the wherewithal to hack sensitive data stored elsewhere.

“Any time something like an email account has been breached it is very, very troubling,” Stephens said. “We don’t realize how much information resides on the server of Yahoo [or other email providers].”

Sunnyvale, Calif.-based Yahoo said its investigation so far hasn’t found any evidence that information about users’ bank accounts or credit and debit cards were swiped. It said it has “no evidence” that the attacker is still in Yahoo’s network.

Last month, the tech site Motherboard reported that a hacker who uses the name “Peace” boasted that he had account information belonging to 200 million Yahoo users and was trying to sell the data on the web.

Word of the breach is not surprising given the hacker chatter surrounding the company, said Alex Heid, chief research officer at SecurityScorecard, real-time cybersecurity rating and risk monitoring platform. There have been numerous underground conversations surrounding the tech giant since late June, he said.

Stephens said it’s now clear “the information has been out there for quite some time.”

“It’s impossible to know what uses might have been made of this information to date,” he said.

Most consumers might not think there’s much in their Yahoo account that would be of use to hackers, which typically might only include only their email and Yahoo password. However that simple duo offers multiple users for ingenious hackers bent on extracting the maximum value from information, say experts.

According to a Gartner survey, 50 percent of users reuse their passwords across multiple platforms. Armed with an email address and Yahoo password, hackers might be able to gain access to multiple accounts.

Once hackers gain access to other accounts, they are able to assemble dossiers and include more information from multiple sources over time.

The attackers don’t only use that information to go after bank accounts and credit cards, but also less obvious and harder to track information that is still worth money on the black market, such as loyalty points, avatars and points from online games and stored value in coffee cards. Once accessed, all of these can be siphoned off, bundled and then resold.

News of the breach comes as Yahoo seeks to complete its $4.8. billion sale of its core Internet business to Verizon Communications.

Given the unsettled nature of Yahoo’s ownership, “regulators should be concerned with who will take responsibility for the response to this compromise. It can be easy for the ‘right thing to do’ to slip through the cracks in a multi-billion dollar transition,” said Tim Erlin, senior director of IT security and risk strategy at Tripwire, a computer security firm.

Yahoo CEO Marissa Meyer stands to earn as much as $44 million if she leaves the company as part of that deal.

The Associated Press contributed to this report.



Reader Comments


Next Up in News

Panthers-Vikings game declared 'extraordinary event,' allowing for extra security
Panthers-Vikings game declared 'extraordinary event,' allowing for extra security
Sunday's NFL matchup between the Carolina Panthers and Minnesota Vikings has been declared an "extraordinary event," which gives police more...
Take to task for Sept. 26
Take to task for Sept. 26
New item-Roswell RoadMary Pulling wants something done about a water leak.“There is and has been a leak at 3827 Roswell Road for months.
Calling Trump’s lies what they are
Here’s what we can be fairly sure will happen in Monday’s presidential debate: Donald Trump will lie repeatedly and grotesquely, on a variety of...
Readers Write: Sept. 26
Private prisons are inhumane by natureThe Department of Justice delivered a crushing but deserving blow to the Corrections Corp.
John Beilsmith, 73: Vietnam vet a ‘calm, steady presence’ in many lives
John Beilsmith, 73: Vietnam vet a ‘calm, steady presence’ in many lives
He was just as happy eating escargot as eating a bologna sandwich. His friends were his family, and everyone in his family was his best friend.
More Stories

You have reached your limit of free articles this month.

Enjoy unlimited access to myAJC.com.

Starting at just 99¢ for 8 weeks.

GREAT REASONS TO SUBSCRIBE TODAY!

  • IN-DEPTH REPORTING
  • INTERACTIVE STORYTELLING
  • NEW TOPICS & COVERAGE
  • ePAPER
X

You have read of free premium articles.

Get unlimited access to all of our breaking news, in-depth coverage and bonus content- exclusively for subscribers. Starting at just 99¢ for 8 weeks.

X

Welcome to myAJC.com

This subscriber-only site gives you exclusive access to breaking news, in-depth coverage, exclusive interactives and bonus content.

You can read free articles of your choice a month that are only available on myAJC.com.