
The Hacker News — Cyber Security and Hacking News Website: Yahoo

Yahoo Hacker linked to Russian Intelligence Gets 5 Years in U.S. Prison

May 30, 2018 | Mohit Kumar
A 23-year-old Canadian man, who pleaded guilty last year for his role in helping Russian government spies hack into email accounts of Yahoo users and other services, has been sentenced to five years in prison. Karim Baratov (a.k.a. Karim Taloverov, a.k.a. Karim Akehmet Tokbergenov), a Kazakhstan-born Canadian citizen, was also ordered on Tuesday by United States Judge Vince Chhabria to pay a fine of $250,000. Baratov had previously admitted his role in the 2014 Yahoo data breach that compromised about 500 million Yahoo user accounts. His role was to "hack webmail accounts of individuals of interest to the FSB," Russia's spy agency. In November, Baratov pleaded guilty to a total of nine counts, including one count of conspiring to violate the Computer Fraud and Abuse Act, and eight counts of aggravated identity theft. According to the US Justice Department, Baratov and his co-defendant hacker Alexsey Belan worked for two agents—Dmitry Dokuchaev and Igor Sushch

Yahoo Reveals 32 Million Accounts Were Hacked Using 'Cookie Forging Attack'

March 02, 2017 | Mohit Kumar
Yahoo has just revealed that around 32 million user accounts were accessed by hackers in the last two years using a sophisticated cookie forging attack without any password. These compromised accounts are in addition to the Yahoo accounts affected by the two massive data breaches that the company disclosed in the last few months. The former tech giant said in a regulatory filing Wednesday that the cookie caper is likely linked to the "same state-sponsored actor" thought to be behind a separate 2014 data breach that resulted in the theft of 500 Million user accounts. "Based on the investigation, we believe an unauthorized third party accessed the company's proprietary code to learn how to forge certain cookies," Yahoo said in its annual report filed with the US Securities and Exchange Commission (SEC). "The outside forensic experts have identified approximately 32 million user accounts for which they believe forged cookies were used or taken

Goodbye! Yahoo to rename itself 'Altaba' after Verizon Deal

January 10, 2017 | Swati Khandelwal
It's time to say goodbye to Yahoo! While Yahoo's core internet business is being sold to Verizon for $4.8 Billion, the remaining portion of the company left behind is renaming itself Altaba Inc, which marks the sad ending of one of the most familiar brand names on the internet. In a public filing with the Securities and Exchange Commission (SEC) on Monday, the company announced that after the planned sale of its core business to telecom giant Verizon, the leftover would change its brand name to Altaba. So, the company's branding you are familiar with will integrate with Verizon, and it is possible that the telecom titan may continue to use the Yahoo brand for some of the services that it will acquire in the deal. The remaining company under the new name Altaba Inc. is hanging on to its 15% ownership of Alibaba and 35.5% stake in Yahoo Japan, which is a joint venture with Softbank.

Marissa Mayer to Leave Yahoo Board

The newly formed company will operat

Verizon wants $1 Billion Discount on Yahoo Acquisition Deal after Recent Scandals

October 07, 2016 | Swati Khandelwal
It seems like it is not all over for Yahoo yet. Another day, another piece of bad news for Yahoo! Verizon, which has agreed to purchase Yahoo for $4.8 Billion, is now asking for a $1 Billion discount, according to recent reports. The request comes after Verizon Communications learned about the recent disclosures about hacking and spying in the past few weeks. Just two weeks ago, Yahoo revealed that at least half a Billion Yahoo accounts were stolen in a 2014 hack, marking it as the biggest data breach in history. And if this wasn't enough, the company faced allegations earlier this week that it built a secret tool to scan all of its users' emails last year at the behest of a United States intelligence agency. Due to these incidents, AOL CEO Tim Armstrong, who runs the Verizon subsidiary, is "pretty upset" about Yahoo's lack of disclosure, and is even seeking to pull out of the deal completely or cut the price, the New York Post claimed, citing multiple sources.

Yahoo Built a Secret Tool to Scan Your Email Content for US Spy Agency

October 04, 2016 | Swati Khandelwal
Users are still dealing with Yahoo's massive data breach that exposed over 1 Billion Yahoo accounts, and there's more shocking news about the company that, I bet, will blow your mind. Yahoo might have provided your personal data to a United States intelligence agency when required. Yahoo reportedly built custom software programmed to secretly scan all of its users' emails for specific information provided by US intelligence officials, according to a report by Reuters. The tool was built in 2015 after the company complied with a secret court order to scan hundreds of millions of Yahoo Mail accounts at the behest of either the NSA or the FBI, according to the report that cites three separate sources who are familiar with the matter. According to some experts, this is the first time an American Internet company has agreed to such an extensive demand by a spy agency by searching all incoming emails, examining stored emails or scanning a small number

Uh oh, Yahoo! Data Breach May Have Hit Over 1 Billion Users

October 01, 2016 | Swati Khandelwal
The massive data breach that Yahoo! confirmed to the world last week is claimed by the company to have been carried out by a "state-sponsored actor" in 2014, which exposed the accounts of at least 500 Million Yahoo users. But now it seems that Yahoo has downplayed a mega data breach and is trying to hide its own security blunder. Recently the information security firm InfoArmor, which analyzed the data breach, refuted Yahoo's claim, stating that the data breach was the work of seasoned cyber criminals who later sold the compromised Yahoo accounts to an Eastern European nation-state.

Over 1 Billion Accounts May Have Been Hacked

Now, there's one more twist in the unprecedented data heist. A recent advancement in the report indicates that the number of affected Yahoo accounts may be between 1 Billion and 3 Billion. An unnamed former Yahoo executive who is familiar with the company's security says that Yahoo's back-end system's arch

Yahoo Confirms 500 Million Accounts Were Hacked by 'State Sponsored' Hackers

September 23, 2016 | Mohit Kumar
500 million accounts — that's half a Billion users! That's how many Yahoo accounts were compromised in a massive data breach dating back to 2014 by what was believed to be a "state sponsored" hacking group. Over a month ago, a hacker was found to be selling login information related to 200 million Yahoo accounts on the Dark Web, although Yahoo acknowledged that the breach was much worse than initially expected. "A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company's network in late 2014 by what it believes is a state-sponsored actor," reads the statement. Yahoo is investigating the breach with law enforcement and currently believes that users' names, email addresses, dates of birth, phone numbers, passwords, and in some cases, encrypted and unencrypted security questions and answers were stolen from millions of Yahoo users. However, the company does not believe

Verizon Set to Buy Yahoo for $5 Billion — Here's Why a Telecom is so Interested!

July 22, 2016 | Swati Khandelwal
Finally, someone has come forward to buy Yahoo! Guess who? The telecommunication giant Verizon. Yes, Verizon Communications Inc. is reportedly closing in on a deal to acquire Yahoo's core business for about $5 Billion, according to a report from Bloomberg. Since the agreement between the companies has not been finalized, it is unclear at this moment which of Yahoo's assets the deal would include. "In order to preserve the integrity of the process, we're not going to comment on the issue until we've finalized an agreement," a Yahoo spokeswoman said in a statement provided to CNNMoney. You might be wondering why Verizon is buying Yahoo! Well, I'll come to it in the second half of my article, because before discussing this point, let's first focus on why Yahoo! wants to get acquired.

Why Yahoo Was Up For Sale?

Founded in 1995, Yahoo! was once the brightest star of the Web. But when its rivals including Google, Facebook and even few-years-old com

SQL Injection Vulnerability in 'Yahoo! Contributors Network'

October 09, 2014 | Mohit Kumar
Yahoo! Contributors Network (contributor.yahoo.com), the network of authors that generated content such as photographs, videos, articles and their knowledge for more than 600 million monthly visitors, was vulnerable to a time-based blind SQL injection vulnerability. Behrouz Sadeghipour, a security researcher, reported the blind SQLi vulnerability in Yahoo!'s website that could be exploited by hackers to steal the users' and authors' database, containing their personal information. Behrouz reported this flaw to the Yahoo! Security team a few months back. The team responded positively and within a month they patched the vulnerability successfully. Unfortunately, after that Yahoo! announced it would shut down 'Yahoo Contributors Network' due to its decreasing popularity and removed all the content from the web, except that some of the "work for hire" content may remain on the web. The critical vulnerability was able to expose the database which carried sensitive and personal inform

End-to-End Encryption for Yahoo Mail Coming Next Year

August 08, 2014 | Swati Khandelwal
Today at the Black Hat 2014 hacking conference, Yahoo! Chief Information Security Officer Alex Stamos announced that the company will start giving its consumers the option of end-to-end encryption in its Mail service by next year. Google showed off a PGP-based encryption plugin for Gmail back in June. The purple-hued company will offer encryption via a modified version of the same End-to-End browser plug-in that Google uses for PGP in Gmail, Alex Stamos told the audience at his talk titled Building Safe Systems at Scale - Lessons from Six Months at Yahoo. The PGP plugin will be native in mobile apps, allowing Gmail and Yahoo mail to easily exchange encrypted email. In fact, the email providers themselves won't be able to decrypt messages exchanged between their users. Only senders and recipients will be able to read the messages. In short, it means that Yahoo email users can reportedly send safe and secure messages between Yahoo users and also Gmail adherents without fear, wh

Flickr vulnerable to SQL Injection and Remote Code Execution Flaws

April 14, 2014 | Wang Wei
Yahoo-owned Flickr, one of the biggest online photo management and sharing websites in the world, was recently impacted by critical web application vulnerabilities, which left the website's database and server vulnerable to hackers. Ibrahim Raafat, a security researcher from Egypt, has found SQL injection vulnerabilities on Flickr Photo Books, a new feature for printing custom photo books through Flickr that was launched 5 months ago. He claimed to have found two parameters (page_id, items) vulnerable to blind SQL injection and one (i.e. order_id) to direct SQL injection that allowed him to query the Flickr database for its content by injecting SQL SELECT statements. A successful SQL exploitation could allow an attacker to steal the database and the MySQL administrator password. Furthermore, Flickr's SQL injection flaws also facilitate the attacker to exploit remote code execution on the server and using load_file("/etc/passwd") function he was successfu

Yahoo's New DMARC Policy Destroys Every Mailing List across the World

April 08, 2014 | Wang Wei
Yahoo! The one who enabled HTTPS connections by default from the beginning of this year, the one who encrypts traffic moving between its data centers from 31st March, now has been accused of harming every mailing list across the world. John R. Levine, an expert from the Internet Engineering Council specializing in email infrastructure and spam filtering, claimed this in a post titled "Yahoo breaks every mailing list in the world including the IETF's." on the Internet Engineering Task Force (IETF). Yahoo has established a new rule to automatically exclude Yahoo users from mailing lists, because mailing list servers do not comply with DMARC requirements and they heavily modify each email. He talks about an "emerging e-mail security scheme" known as Domain-based Message Authentication, Reporting and Conformance (DMARC) that has been implemented by almost all of the largest email service providers, including Gmail, Hotmail, Comcast, and Yahoo. DMARC helps to reduce the p