No 'connection' between August 2016 data dump claims and 2014 nation-state attack, company says.

Dark Reading Staff, Dark Reading

September 27, 2016

1 Min Read

When Yahoo last Thursday revealed that it had been hit in 2014 by a nation-state hacker group in a breach that exposed a half a billion Yahoo user accounts, the company didn't mention the infamous online sale by a hacker known as "Peace" or "Peace_of_Mind" in August that purportedly was offering some 200 million pilfered Yahoo user credentials.

At the time of that August 2016 revelation, Yahoo told Motherboard it was investigating the report.

As initially reported by Dark Reading, some security experts were skeptical from the get-go that the newly revealed 2014 breach was related to the Peace incident.

And Yahoo has now officially confirmed that connecting the two issues is "inaccurate."

"As we disclosed yesterday, a recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from our systems in late 2014 by what we believe is a state-sponsored actor. Our investigation into this matter is ongoing and the issues are complex," Yahoo said in a statement Friday.

"Some things, however, are clear: Yahoo has never had reason to believe there is any connection between the security issue disclosed yesterday and the claims publicized by a hacker in August 2016. Conflating the two events is inaccurate."

Dark Reading last Thursday had inquired with Yahoo whether the two events were connected, but did not receive a response from the firm until today, after a subsequent inquiry.

 

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights