Yahoo Confirms August Data Dump Issue Unrelated To Breach Of 500 Million Users
No 'connection' between August 2016 data dump claims and 2014 nation-state attack, company says.
When Yahoo last Thursday revealed that it had been hit in 2014 by a nation-state hacker group in a breach that exposed a half a billion Yahoo user accounts, the company didn't mention the infamous online sale by a hacker known as "Peace" or "Peace_of_Mind" in August that purportedly was offering some 200 million pilfered Yahoo user credentials.
At the time of that August 2016 revelation, Yahoo told Motherboard it was investigating the report.
As initially reported by Dark Reading, some security experts were skeptical from the get-go that the newly revealed 2014 breach was related to the Peace incident.
And Yahoo has now officially confirmed that connecting the two issues is "inaccurate."
"As we disclosed yesterday, a recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from our systems in late 2014 by what we believe is a state-sponsored actor. Our investigation into this matter is ongoing and the issues are complex," Yahoo said in a statement Friday.
"Some things, however, are clear: Yahoo has never had reason to believe there is any connection between the security issue disclosed yesterday and the claims publicized by a hacker in August 2016. Conflating the two events is inaccurate."
Dark Reading last Thursday had inquired with Yahoo whether the two events were connected, but did not receive a response from the firm until today, after a subsequent inquiry.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024