A developing story began to make headlines late Thursday evening as an important security advisory was sent from Yahoo’s Senior Vice President of Platforms and Personalization Products, Jay Rossiter. The security advisory, which can be found here, let e-mail users know that Yahoo administrators will be resetting passwords and implementing second sign-in verification for affected users so that they can regain access to their accounts.
Rossiter stated in his message, “Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and e-mail addresses from the affected accounts' most recent sent e-mail.”
There were several significant data breaches over the course of 2013 that could have provided the information necessary to compromise the notified Yahoo! Mail users, namely World of Warcraft, VBulletin, MacRumors and Adobe. While it isn’t yet known which data breach gave hackers access to the usernames and passwords, it is suspected that the lack of differentiation in username/password combinations between different programs and Web services is the reason the hackers were able to gain access to the Yahoo accounts.
Some additional stories that caught our eye this week:
- Personal-Data Breaches Like Coke's Aren't Rare
One of the more incredible stories this week revolved around the stolen, unencrypted data of more than 70,000 current and former North American Coca-Cola employees. Coca-Cola has since recovered the 55 laptops that had been stolen by a former employee over a period of six years. The breach was reported to all of those potentially affected, as personal data, including driver’s licenses and Social Security numbers, was among the data on the laptops.
- How I lost my $50,000 Twitter username
A socially-engineered, social-account compromise spread all over the Internet this week when the (former) account owner of the Twitter handle @N blogged about how his Twitter account, valued at roughly $50,000, was taken from him. After years of requests to purchase the account, Naoki Hiroshima chronicled the series of events that led up to the hacker’s successful takeover of the account. The Register also wrote up a great story on Hiroshima’s unfortunate ordeal.
- Tis The Season For Tax Identity Theft
Kevin Johnson wrote a nice piece this week on tax season and how it is ripe with opportunity for fraudulent tax returns. Johnson recalls the movie “Identity Thief” that came out this past year and, while the movie magic makes the concept comical for audiences, the threat of identity theft and tax fraud is quite serious. He highlights some of the steps the IRS is taking to combat fraud and really crack down on individuals looking to take advantage of unsuspecting taxpayers prior to April’s deadline.
Check in every Friday for a recap of the biggest IT security stories of the week. As always, please let us know which stories caught your attention and are worthy of a mention.