- 23 September 2016
- Technology
-
(테크놀로지) 야후 2년전 사용자 5억명의 개인정보 해킹 당했었다과학과 테크놀로지/테크놀로지 2016. 9. 24. 15:48
출처: http://www.bbc.com/news/world-us-canada-37447016
Yahoo 'state' hackers stole data from 500 million users 2년전 '국가를 위해 일하는 해커들'이 5억명의 개인정보 해킹했었다
Yahoo says "state-sponsored" hackers stole data on about 500 million users in what could be the largest publicly disclosed cyber-breach in history. 야후는 "국가에서 보수를 받는" 해커들이 5억명의 데이타를 해킹했다고 밝혔다. 이 수치는 사이버 위반 역사상 최대 수준.
The breach included swathes of personal information, including names and emails, as well as “unencrypted security questions and answers”. 해킹당한 것은 이름, 이메일, 암호화하지 않은 보안용 질문과 답변들과 같은 개인정보 일체이다. (swathes: 붕대, 감싸는 천, 여기선 일체란 뜻)
The hack took place in 2014 but has only now been made public. 이 해킹은 실제 2014년 발생했으나 지금 공개된 것이다.
In the UK it is believed data on about eight million user accounts was taken in the hack.
Stolen data includes names, email addresses, telephone numbers, dates of birth and encrypted passwords, but not credit card data, Yahoo said.
It said the information was "stolen by what we believe is a state-sponsored actor" but did not say which country it held responsible.
The FBI has confirmed it is investigating the claims.
Password change urged 비밀번호 변경이 시급
News of a possible major attack on the technology firm emerged in August when a hacker known as "Peace" was apparently attempting to sell information on 200 million Yahoo accounts.
On Thursday, Yahoo confirmed the breach was far bigger than first thought. 야후는 해킹사고가 처음 생각했던 것보다 훨씬 방대했다고 밝혔다.
Security expert Troy Hunt provides safety tips to Yahoo users Yahoo is recommending all users should change their passwords if they have not done so since 2014.
In the UK, ISPs Sky and BT issued warnings for customers that they may be affected by the breach as Yahoo provides email services for both ISPs.
Sky estimates that it had about 2.5 million Sky.com email account holders at the time of the breach. It said not all were affected but would advise everyone with a Sky.com email account to update their password.
BT said it was carrying out its own investigation but advised the "minority" of its customers who use Yahoo mail to change their passwords.
Questions for Yahoo - Dave Lee, BBC North America technology reporter, San Francisco
The nature of the information stolen feels somewhat run-of-the-mill - no payment info, and passwords were encrypted. Good. But the chain of events leading up to this unprecedented announcement gives rise to some incredibly pressing questions for Yahoo.
Why did it take so long to confirm the hack and its scale? Why did it take so long to tell users and prompt them to protect themselves?
State-sponsored attacks are typically for political, not financial gain. So why were details reportedly being sold online? What evidence is there that it was state-sponsored?
Verizon, which has agreed to buy Yahoo, said it had not been told until a couple of days ago - why not? And why is Marissa Mayer, a chief executive who has presided over bad deals and now the biggest breach in internet history, still in charge?
Follow Dave on Twitter @DaveLeeBBC
In July, Yahoo was sold to US telecoms giant Verizon for $4.8bn (£3.7bn).
Verizon told the BBC it had learned of the hack "within the last two days" and said it had "limited information".
It added: "Until then, we are not in position to further comment."
Yahoo said in a statement: online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry."
Reuters reported three unnamed US intelligence officials as saying they believed the attack was state-sponsored because it was similar to previous hacks linked to Russian intelligence agencies.
Nikki Parker, vice-president at security company Covata, said: "Yahoo is likely to come under intense scrutiny from regulators, the media and public and rightly so. Corporations can't shy away from data breaches and they must hold their hands up and show that they are committed to resolving the problem."
She added: "Let's hope the ink is dry on the contract with Verizon."
Hack attacks
Attacks on Yahoo have led to some users of the service being hit by hackers. Japan-based writer and journalist Ali Attas said he was devastated when he logged on to his email to find that everything he had sent and received for the last 20 years had disappeared.
"I've lost hundreds of contacts and a lot of very sensitive stuff," said Mr Attas, who lives near Yokohama. "It's devastating."
"My 20 year history has been wiped out. The damage is beyond repair."
In addition to all his personal and work contact details he said the vanished emails also included educational manuscripts he had submitted to publishing houses and a book idea which had been sent to a publisher in New York.
Fortunately he had back-up copies of some of his work.
He said he had set up a new account and emailed Yahoo to see if they can help him recover his work but had yet to receive a reply.
Questions are being asked about the length of time it took Yahoo to fully acknowledge the breach.
"It is really worrying that a breach from 2014 can have gone undetected for so long," said Prof Alan Woodward from the University of Surrey.
"It is also surprising the public statement took so long to appear."
"I would have thought most companies had learned by now that early disclosure is better, even if you have to revise and update as you learn more."
The scale of the hack eclipses other recent, major tech breaches - such as MySpace (359 million), LinkedIn (164 million) and Adobe (152 million).
'과학과 테크놀로지 > 테크놀로지' 카테고리의 다른 글
(테크놀로지) BBC: 왜 한국은 로보트 산업의 이상적인 배양지인가? (0) 2017.12.30 (테크놀로지) 저커버그 부부 2100년까지 모든 질병을 치료 예방 관리하는데 기여하겠다 (0) 2016.09.27 (테크놀로지) 영국정부 데이타 보안문제로 최근 감사보고서에서 두드려맞다 (0) 2016.09.23 (테크놀로지) 기계는 우리를 사이버 공격에서 지켜줄 수 있는가? (0) 2016.08.03 (테크놀로지) ARM은 어떤 기업이고 어째서 240억 파운드의 가치가 있는가? (0) 2016.07.21