Tag Archives: data breach

Who’s Behind the Yahoo Attack? It might be Russian Agents

We’re all familiar with the massive data leaks that Yahoo suffered last year. But until recently, we had very little in the way of clues as to who was behind the attacks which started at the beginning of 2014. As more evidence comes to light, it’s becoming increasingly apparent that this is not your run-of-the-mill cybercrime. According to a recent indictment by the US Department of Justice, the folks behind that attack appear to be agents of the Russian Federal Security Service.

The theft of 500 million Yahoo accounts three years ago was allegedly used as a way for the Russian government to access information on a series of targets ranging from the White House itself to cloud computing companies. Military officials, executives of financial companies, and even an airline company were also among the targeted.

In the name of espionage, this attack gave hackers the means of stealing data such as names, email addresses, and credentials. According to information provided by Yahoo in their announcement of the breach, the culprits would not have been able to access data of a more confidential nature, such as sensitive financial information.

In a somewhat ironic turn of events, the information provided by the Justice Department indictment appears to indicate that the stolen data was also used to spy on Russian government officials.

The Yahoo Attack: A Breach to Go Down in History

While this would not be the first time that Russian cybercriminals have been accused of data theft, it is in fact the first time that charges have been filed against officials operating in the shadow of Vladimir Putin. Although the agency is supposed to help agencies of other countries track down Russian cybercriminals, in this case two of its own operatives allegedly collaborated to conceal the robbery from their superiors.

“The involvement and direction of F.S.B. officers with law enforcement responsibilities makes this conduct that much more egregious,” said acting assistant US Attorney General Mary B. McCord.

Although the Russian administration has not given an official response to the US indictment, the country’s press has called into question the US Department of Justice’s movement.

In any case, and regardless of who is responsible for these or other breaches, massive data leaks at services such as Yahoo highlight the need to use secure credentials and a protection that is suited to the needs of your company to prevent the theft of confidential information, or even considerable sums of money, in the event of a cyberattack.

The post Who’s Behind the Yahoo Attack? It might be Russian Agents appeared first on Panda Security Mediacenter.

Millions of iCloud Accounts Could Be Wiped if Apple Refuses Ransom

No less than $75,000 in cryptocurrency (Bitcoin or Ether), or $100,000 in iTunes gift cards — this is the exorbitant ransom that cybercriminals have demanded from Apple. The group, calling themselves the Turkish Crime Family, claims to have stolen access to 300 million iCloud accounts, and have threatened to wipe them on April 7 (tomorrow) if the corporation doesn’t pay up.

The cybercriminals sent a series of screen shots to Motherboard that apparently show the exchange of emails between the hacker group and Apple’s security team. They also provided access to one of the email accounts that they allegedly used to communicate with the company and lay down their conditions for the deal.

According to the messages on the account, the cybercriminals uploaded videos to YouTube to show how they were able to log in to several stolen iCloud accounts and even showed how they were able to access an elderly woman’s photos and remotely delete them.

Apple Won’t Be Had So Easily

Allegedly, an Apple employee had asked the criminals to take down the video that they’d uploaded to YouTube. The company also declared, “We do not reward cyber criminals for breaking the law”.

There are a few holes in the attackers’ story. In the initial correspondence, they claimed to have accessed 300 million accounts on Apple’s iCloud, but on the Turkish Crime Family twitter account the claim was a more modest 200 million. In a later correspondence, the number jumped up to 559 million.

I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing,” one of the hackers told Motherboard. It seems clear that one of the strategies of this group is to blackmail Apple by making their actions public, alarming as many Apple clients as possible.

However, a spokesperson for Apple has stated that “there have not been any breaches in any of Apple’s systems including iCloud and Apple ID.” The supposed list of email addresses and passwords may therefore have been obtained through a third-party service that had been previously compromised.

The spokesperson also stated that they are “actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved.” We’ll have to wait until tomorrow to see if there is a real threat, or if the hackers are simply bluffing.

In any event, the company has taken the opportunity to remind users to use robust passwords, that they don’t use the same credentials over various websites, and that they activate two-step authentication to add an extra layer of security.

The post Millions of iCloud Accounts Could Be Wiped if Apple Refuses Ransom appeared first on Panda Security Mediacenter.

US Charges Two Russian Spies & Two Hackers For Hacking 500 Million Yahoo Accounts

The 2014 Yahoo hack disclosed late last year that compromised over 500 million Yahoo user accounts was believed to be carried out by a state-sponsored hacking group.

Now, two Russian intelligence officers and two criminal hackers have been charged by the US government in connection with the 2014 Yahoo hack that compromised about 500 million Yahoo user accounts, the Department of Justice

Database of 1.4 Billion Records leaked from World’s Biggest Spam Networks

A database of 1.4 billion email addresses combined with real names, IP addresses, and often physical address has been exposed in what appears to be one the largest data breach of this year.

What’s worrisome? There are high chances that you, or at least someone you know, is affected by this latest data breach.
<!– adsense –>
Security researcher Chris Vickery of MacKeeper and Steve Ragan of

Yahoo Hacked Once Again! Quietly Warns Affected Users About New Attack

Has Yahoo rebuilt your trust again?

If yes, then you need to think once again, as the company is warning its users of another hack.

Last year, Yahoo admitted two of the largest data breaches on record. One of which that took place in 2013 disclosed personal details associated with more than 1 Billion Yahoo user accounts.

Well, it’s happened yet again.
<!– adsense –>
Yahoo sent out another