Yahoo admitted on Thursday that sensitive information belonging to about 500 million users was stolen in a data breach dating from late 2014.
A previously unknown indicator of compromise may have been discovered through investigating some current state-sponsored campaigns, cyber security experts believe.
The data taken in the hack, described as the largest cyber security breach ever, includes names, e-mail addresses, telephone numbers, dates of birth and hashed passwords, and also “encrypted or unencrypted security questions and answers”, Yahoo said in a statement.
It also said it believed that no payment card or bank account data was taken.
How it Happened
Uri Rivner, head of cyber strategy at BioCatch, says that, as this was believed to be a state-sponsored attack, the likely vector is spear phishing of Yahoo operations people, followed by taking control of their computers using remote access, then performing privilege escalation, lateral movement within the network, data exfiltration and then removal of penetration evidence.