Case Study On Yahoo
Grouped by,
Immanuel Kumar
Arfat Khan
Kaushal Bhuwad
Pratik Rajguru
Introduction :-
Founded in 1994 by Stanford Ph.D. students David Filo and Jerry Yang, Yahoo!
began as a hobby and has changed the way people communicate with each other, share and
create information.
Yahoo has been in the market with a variety of products and services, including search engine,
email, Messenger, News, analytics services and web hosting.
The headquarters of the company is in Sunnyvale, California, and it has more than
twenty offices around the world.
Yahoo! Inc. has become the world’s largest global online network with more than five
hundred million users in the world.
The Internet service company Yahoo! was subject to the largest data breach on record.
The first announced breach, reported in September 2016, had occurred sometime in late 2014 and
affected over 500 million Yahoo! user accounts.
A separate data breach, occurring earlier around August 2013, was reported in December 2016.
It was initially believed to have affected over 1 billion user accounts, but
Yahoo! later affirmed in October 2017 that all 3 billion of its user accounts were impacted. Both
breaches are considered the largest discovered in the history of the Internet.
Specific details of material taken include names, email addresses, telephone numbers, encrypted or
unencrypted security questions and answers, dates of birth, and hashed passwords.
Further, Yahoo! reported that the late 2014 breach likely used manufactured web cookies to falsify
login credentials, allowing hackers to gain access to any account without a password.
Yahoo! has been criticized for its late disclosure of the breaches and its security
measures, and is currently facing several lawsuits as well as investigation by members of
the United States Congress.
The breaches impacted Verizon Communications' July 2016 plans to acquire Yahoo! for
about $4.8 billion, which resulted in a decrease of $350 million in the final price of the
deal, which closed in June 2017.
The Three Yahoo Cyber Attacks :-
On March 15, 2017, the FBI officially charged four men with the 2014 breach, including
two who work for Russia's Federal Security Service (FSB).
In its statement, the FBI said: "The criminal conduct at issue, carried out and otherwise
facilitated by officers from an FSB unit that serves as the FBI's point of contact in
Moscow on cybercrime matters, is beyond the pale."
Legal and commercial
The hack began with a spear-phishing email sent in early 2014 to a Yahoo company employee. It's unclear
how many employees were targeted and how many emails were sent, but it only takes one person to click
on a link, and it happened.
Once Aleksey Belan, a Latvian hacker hired by the Russian agents, started poking around the network, he
looked for two prizes: Yahoo's user database and the Account Management Tool, which is used to edit the
database. He soon found them.
The database contained names, phone numbers, password challenge questions and answers and, crucially,
password recovery emails and a cryptographic value unique to each account.
The account management tool didn't allow for simple text searches of user names, so instead the hackers
turned to recovery email addresses. Sometimes they were able to identify targets based on their recovery
email address, and sometimes the email domain tipped them off that the account holder worked at a
company or organization of interest.
Once the accounts had been identified, the hackers were able to use stolen cryptographic values called
"nonces" to generate access cookies through a script that had been installed on a Yahoo server. Those
cookies, which were generated many times throughout 2015 and 2016, gave the hackers free access to a user
email account without the need for a password.
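An added illustration of why stolen database values were enough to mint cookies (example code written for this case study, not Yahoo's actual cookie scheme, whose details are not given here): a constructed model in which a cookie derived only from the stored nonce can be reproduced from a database copy, while one keyed with a secret held outside the database cannot, and rotating the nonce revokes both. `USER_DB`, `SERVER_KEY` and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed stand-in for a user-database row; a database thief learns the nonce.
USER_DB = {"alice": {"nonce": secrets.token_hex(16)}}
# Hypothetical server-side key kept outside the database (for example in an HSM).
SERVER_KEY = secrets.token_bytes(32)


def _cookie(key: bytes, user: str, expiry: int) -> str:
    tag = hmac.new(key, f"{user}|{expiry}".encode(), hashlib.sha256).hexdigest()
    return f"{user}|{expiry}|{tag}"


def mint_weak(user: str, nonce: str, expiry: int) -> str:
    """Weak design: every input to the cookie is stored in the database."""
    return _cookie(nonce.encode(), user, expiry)


def mint_hardened(user: str, nonce: str, expiry: int) -> str:
    """Hardened design: the MAC key also depends on a secret the database never holds."""
    key = hmac.new(SERVER_KEY, nonce.encode(), hashlib.sha256).digest()
    return _cookie(key, user, expiry)


def verify(cookie: str, mint, now=None) -> bool:
    """Recompute the cookie under the given scheme and compare in constant time."""
    try:
        user, expiry_text, _tag = cookie.split("|")
        expiry = int(expiry_text)
    except ValueError:
        return False
    row = USER_DB.get(user)
    now = int(time.time()) if now is None else now
    if row is None or expiry < now:
        return False
    expected = mint(user, row["nonce"], expiry)
    return hmac.compare_digest(cookie.encode(), expected.encode())


def rotate_nonce(user: str) -> None:
    """Response step: a fresh nonce invalidates every cookie minted from the old one."""
    USER_DB[user]["nonce"] = secrets.token_hex(16)
```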
The hacked users included an assistant to the deputy chairman of Russia, an officer in Russia's Ministry of
Internal Affairs and a trainer working in Russia's Ministry of Sports. Others belonged to Russian journalists,
officials of states bordering Russia, U.S. government workers, an employee of a Swiss Bitcoin wallet company
and a U.S. airline worker.
So clinical was the attack that when Yahoo first approached the FBI in 2014, it went with worries that 26
accounts had been targeted by hackers. It wasn't until late August 2016 that the full scale of the breach began
to become apparent and the FBI investigation significantly stepped up.
In December 2016, Yahoo went public with details of the breach and advised hundreds of millions of users to
change their passwords.