informa
/
Cloud
Quick Hits

Yahoo Confirms August Data Dump Issue Unrelated To Breach Of 500 Million Users

No 'connection' between August 2016 data dump claims and 2014 nation-state attack, company says.

When Yahoo last Thursday revealed that it had been hit in 2014 by a nation-state hacker group in a breach that exposed a half a billion Yahoo user accounts, the company didn't mention the infamous online sale by a hacker known as "Peace" or "Peace_of_Mind" in August that purportedly was offering some 200 million pilfered Yahoo user credentials.

At the time of that August 2016 revelation, Yahoo told Motherboard it was investigating the report.

As initially reported by Dark Reading, some security experts were skeptical from the get-go that the newly revealed 2014 breach was related to the Peace incident.

And Yahoo has now officially confirmed that connecting the two issues is "inaccurate."

"As we disclosed yesterday, a recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from our systems in late 2014 by what we believe is a state-sponsored actor. Our investigation into this matter is ongoing and the issues are complex," Yahoo said in a statement Friday.

"Some things, however, are clear: Yahoo has never had reason to believe there is any connection between the security issue disclosed yesterday and the claims publicized by a hacker in August 2016. Conflating the two events is inaccurate."

Dark Reading last Thursday had inquired with Yahoo whether the two events were connected, but did not receive a response from the firm until today, after a subsequent inquiry.

 

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5