“The state who funds hackers” – Rumours of hackers who were sponsored by the state to hack Yahoo accounts

More than half a billion Yahoo user accounts were hacked in 2014. The hack is the latest of the recent big hacking scandals, like Last.fm in March 2012, dating websites Ashley Madison and Beautiful People, and a whole host of others.

However, the popular email server’s hack is thought to be the ‘largest internet theft on record’ (source). The personal data that was hacked included the names, email addresses, telephone numbers, dates of births, and passwords of affected users. What is more concerning is the suggestion of a “state-sponsored actor” being behind the cyber theft. Intelligent agencies across the globe are investigating the matter.

Global phenomenon

Yahoo did not reveal which state they thought was behind the attack, and neither did they publicise which areas of the world that were affected.

Many users are worried for their personal data, as the breach could have unintended consequences for other online accounts people use. A Yahoo user, Scott Braun, said “I suppose a hacker could make the connection between my Yahoo and Gmail” – the worry being then getting in to other accounts and being able to commit fraudulent activity or identity theft.

Yahoo are being sued – the question is, did they do enough to prevent the hack?

The mainstream media has focused its attention on the massive scale of the hack, but shouldn’t our attentions be focused on why Yahoo has only published the data notifying users of this breach two years on from the act? This is supported by the U.S. Senator, Richard Blumenthal, who said “if Yahoo knew about the hack as early as August, and failed to coordinate with law enforcement, taking this long to confirm the breach is a blatant betrayal of their users’ trust” (source).

After Yahoo disclosed the hack late September, many users took to social media to vent their frustration and anger that it has taken two years to uncover the news. This could have allowed many users’ personal details to be passed about unknowingly, and people may already have been successfully targeted by cyber criminals.

However, security experts like Tom Patterson, VP of global security at Unisys, says it is not an uncommon thing for a lag in finding out about the hack, and disclosing it to the public – and we know this ourselves. This may be the case when it comes to the company’s – as well as the public’s – attention when the information is sold on a couple of years later. Even Verizon, a company that is looking to merge with Yahoo, was told the news a few days ago.

This does not take away from the fact that Yahoo, a popular email network with millions of users, should have had adequate security to prevent hacks. If Yahoo did not have adequate security, the hack could be considered as a breach of our rights under the Data Protection Act 1998. The Act was created with the purpose of protecting an individual’s personal data held by companies and other organisations. The company is then responsible for handling personal data in the correct way.

Yahoo confirmed that all passwords used the hashing process which allows you to enter your password without storing the password. They continue to say that most passwords incorporated ‘salt’ into their passwords which ensures that an identical password will be stored differently on the database.

No simple solution

Hacking is not a modern concept – it is a global crime with no simple solutions. Yahoo has urged users to change their passwords as well as close down the accounts that are not in use.

If you believe you have been a victim of cyber theft, please come forward and our dedicated team of lawyers will do their best to fight for your rights.

“Paperless NHS with a Data Protection Risk” – Plans to bring the NHS into the ‘digital age’ could mean data protection risks for all NHS patients

Webcam flaws allow people to peer into other people’s lives!