#FollowFriday Top News of the Week: The Domino Effect – Breaches Leading Massive Hacks

Travis Anderson

January 31, 2014 - Posted by Travis Anderson to Security News

A developing story began to break headlines late Thursday evening as an important security advisory was sent from Yahoo’s Senior Vice President of Platforms and Personalization Products, Jay Rossiter.  The security advisory, which can be found here, let e-mail users know that Yahoo administrators will be resetting passwords and implementing second sign-in verification of affected users so that they can regain access to their accounts.

Rossiter stated in his message, “Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and e-mail addresses from the affected accounts' most recent sent e-mail.”

There have been several significant data breaches over the course of 2013 that could have provided the information necessary to compromise the notified Yahoo! Mail users, namely World of Warcraft, vBulletin, MacRumors and Adobe. While it isn’t yet known which data breach gave hackers access to the usernames and passwords, it is suspected that the lack of differentiation in username/password combinations between different programs and Web services is the reason the hackers were able to gain access to the Yahoo accounts.

Some additional stories that caught our eye this week:

  • Personal-Data Breaches Like Coke's Aren't Rare
    One of the more incredible stories this week revolved around the stolen, unencrypted data of more than 70,000 current and former North American Coca-Cola employees. Coca-Cola has since recovered the 55 laptops that had been stolen by a former employee over a period of six years. The breach was reported to all of those potentially affected, as personal data, including driver’s licenses and Social Security numbers, was among the data on the laptops.
  • How I lost my $50,000 Twitter username
    A socially-engineered, social-account compromise spread all over the Internet this week when the (former) account owner of the Twitter handle @N blogged about how his Twitter account, valued at roughly $50,000, was taken from him. After years of requests to purchase the account, Naoki Hiroshima chronicled the series of events that led up to the hacker’s successful takeover of the account. The Register also wrote up a great story on Hiroshima’s unfortunate ordeal.
  • Tis The Season For Tax Identity Theft
    Kevin Johnson wrote a nice piece this week on tax season and how it is ripe with opportunity for fraudulent tax returns. Johnson recalls the movie “Identity Thief” that came out this past year and, while the movie magic makes the concept comical for audiences, the threat of identity theft and tax fraud is quite serious. He highlights some of the steps the IRS is taking to combat fraud and really crack down on individuals looking to take advantage of unsuspecting taxpayers prior to April’s deadline.

Check in every Friday for a recap of the biggest IT security stories of the week. As always, please let us know which stories caught your attention and are worthy of a mention.

NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.