Photographee.eu - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Risk & Repeat: Accused Yahoo hackers indicted

Listen to this podcast

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the indictments of the alleged Yahoo hackers and how the attackers minted Yahoo authentication cookies.

Following the indictments of four men in connection with the 2014 Yahoo data breach, more information has surfaced about the incident, including the details behind the malicious use of authentication cookies.

The alleged Yahoo hackers include three Russian nationals, two of whom are officers of the Russian Federal Security Service, and one Kazakh national living in Canada, who was the only one of the four arrested by authorities.

The Department of Justice's (DOJ) case against the four accused Yahoo hackers claims they breached the department's network and stole information for at least 500 million user accounts, which they then used to break into email accounts on Yahoo, Google and others. The DOJ claimed the four suspects targeted the accounts of Russian journalists, U.S. and Russian government officials and private sector employees.

In addition, authorities said the alleged Yahoo hackers were able to obtain certain information required to manually create or mint authentication cookies for the email provider. The DOJ claims the suspects were able to use these minted authentication cookies to access at least 6,500 accounts without authorization, though authorities haven't yet specified the motives for these attacks.

In this week's episode of SearchSecurity's Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss the latest on the Yahoo breach and the accused Yahoo hackers, and break down how authentication cookies can be abused by threat actors.

Next Steps

Risk & Repeat: Vault 7 leak creates confusion

Risk & Repeat: A closer look at the Amazon Simple Storage Service outage

Risk & Repeat: Cloudbleed bug poses response challenges

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

In light of the Yahoo breach, what should be done about using authentication cookies for email access?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close