Data security experts on Thursday said the giant hack at Yahoo may have left CEO Marissa Mayer’s e-mail vulnerable.
Yahoo brass and rank-and-file all use the Yahoo e-mail service, possibly leaving everyone open to the kind of problems that Sony experienced back in 2014, sources said.
Sony studio chief Amy Pascal was dumped in the wake of that hack after e-mails surfaced showing that she joked about what could be President Obama’s favorite movies.
A cyber expert, Alex Heid, said there has been a huge uptick in user e-mails appearing on hacker forums looking to steal Netflix passwords and bank details.
“There’s a very high probability when someone’s credentials are pilfered and used to log in, they can export the data,” said Heid, the chief research officer at SecurityScorecard.
In the crypto-marketplace, a single cache of 500 million Yahoo e-mail accounts is being sold for $1,800, Heid said.
“In this breach it’s Yahoo customers, but you might have state figureheads and important officials who make use of their personal Yahoo accounts,” he added.
Yahoo will not comment on the vulnerability of any e-mail, sources said.
The tech world has been abuzz since Yahoo, in the midst of being purchased by Verizon for $4.8 billion, announced on Sept. 22 that it was hacked in 2014 and that personal information, including encrypted passwords, was stolen from 500 million user accounts.
* The Securities and Exchange Commission has started investigating whether Yahoo properly disclosed the breach to investors, several sources said. The SEC declined comment.
* Yahoo, sources said, told some large investors that it was dissuaded from disclosing its probe into the hack, which began in August, because the FBI had become involved. Yahoo had said it notified authorities and the public as soon as it discovered the hack.
* “It’s not hard to believe [that certain federal agencies] would say, ‘Let us investigate before you go public with this,’ ” said Robert Cattanach, a partner with the law firm Dorsey & Whitney, who specializes in cybersecurity and data breaches.
* On Tuesday, six senators demanded Yahoo brief them on a timeline of events.
* Verizon is setting aside a reserve for liabilities connected to the data theft, sources said.
A senior industry source suggested that figure could be as much as $1 billion, or $2 per user account. At the same time, others have suggested a reserve closer to 25 cents per user account was more in line with the threat.
Verizon declined to comment on the $1 billion figure.