Hanqing Zhou|Yijiang Li|Jason M Mays|Karabo Ntokwane|Qianru Yang


1 Yahoo Data Breach
Team 4
Hanqing Zhou|Yijiang Li|Jason M Mays|Karabo Ntokwane|Qianru Yang

2 Background
The Internet service company Yahoo! reported two major data breaches of user account data to hackers during
Both breaches are considered the largest discovered in the history of the Internet:
First announced breach: reported in September 2016, had occurred sometime in late 2014
Second announced breach: occurring earlier, around August 2013, was reported in December 2016
Specific details of material taken include: names, addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords

3 What Happened & How
In July 2016, account names and passwords for about 200 million Yahoo! accounts were for sale on "TheRealDeal"
The seller, "Peace_of_Mind", stated in confidential interviews with Vice and Wired.
Peace has previously been connected to sales of similar private data from other hacks, including the 2012 LinkedIn hack.
Peace stated the data likely dates back to 2012; while some of the sample accounts were still active, they lacked the necessary information to log in fully, reflecting their age.
Experts believe that Peace is only a broker of the information that hackers obtain and sell through him.
Yahoo! stated they were aware of the data and were evaluating it, cautioning users about the situation, but did not reset account passwords at that time.

4 Impact on the Customers
Customer data that was leaked includes names, addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords.
Such information, especially security questions and answers, could help hackers break into victims' other online accounts.

5 Impact on the Employees
CEO stepped down
Legal advisor resigned
Operational disruptions

6 Impact on the business reputation
Loss of customer trust
Brand devaluation
Yahoo! is currently facing an SEC investigation
Verizon and Yahoo will share the costs of the FBI investigation and other potential third-party investigations

7 Impact on the business (financial)
$16 million in direct costs related to the breaches, costs and liabilities created by lawsuits from customers and partners
Class-action lawsuit
Shareholder lawsuits
Verizon's acquisition price for Yahoo was reduced by $350 million
Share prices went down by 5%
AT&T dropped its revenue share agreement

8 Root Cause
Outdated Data-Encryption Technology
Vulnerability and weakness of the MD5 algorithm
Cryptographically broken protection of customer account data
MD5 algorithms vs. hashing algorithms

9 Other Causes
Security team's failure on security practices
Low priority given to an upgraded data protection tool
A long-term recession of Yahoo's business
Less budget for security due to bad business
System performance given more importance than security

10 What controls were missing?
Lost enforcement of security Q&A encryption
Cookie-based attacks and phishing attacks
Some accounts used the MD5 algorithm
Delay in discovering and reporting
Dismissive of InfoArmor's services

11 Our Recommendations
Full conversion from MD5 and SHA-1 algorithm to bcrypt for certificates and passwords.
Reissue certificates to external Yahoo websites on a routine schedule.
Prioritizing security as equal to consumer products.
Develop a crisis management plan to address future breaches.
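
One way to carry out the password part of the conversion recommended above without forcing a reset, as an added example that is not part of the original slides: wrap each stored MD5 digest in a salted slow hash right away, then re-hash from the plaintext at the next successful login. The standard library's PBKDF2-HMAC-SHA256 stands in for bcrypt so the block runs without third-party packages; the record layout, scheme names and iteration count are assumptions.

```python
import hashlib, hmac, os

ITERATIONS = 600_000  # assumed work factor; tune to your hardware

def _kdf(secret: bytes, salt: bytes) -> str:
    # Slow, salted hash (stdlib PBKDF2-HMAC-SHA256 standing in for bcrypt).
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS).hex()

def _md5_hex(password: str) -> bytes:
    # The legacy scheme: unsalted MD5, hex-encoded.
    return hashlib.md5(password.encode()).hexdigest().encode()

def wrap_legacy(record: dict) -> dict:
    """Step 1, offline: wrap a stored MD5 digest so no bare MD5 stays at rest."""
    if record["scheme"] != "md5":
        return record
    salt = os.urandom(16)
    return {"scheme": "kdf-md5", "salt": salt.hex(),
            "hash": _kdf(record["hash"].encode(), salt)}

def verify_and_upgrade(record: dict, password: str):
    """Step 2, at login: verify, then re-hash the plaintext under the KDF alone.
    Returns (ok, record_to_store)."""
    scheme = record["scheme"]
    if scheme == "md5":
        candidate, stored = _md5_hex(password).decode(), record["hash"]
    else:
        salt = bytes.fromhex(record["salt"])
        secret = _md5_hex(password) if scheme == "kdf-md5" else password.encode()
        candidate, stored = _kdf(secret, salt), record["hash"]
    if not hmac.compare_digest(candidate, stored):
        return False, record
    if scheme != "kdf":
        # Successful login on an old scheme: drop the MD5 layer entirely.
        salt = os.urandom(16)
        record = {"scheme": "kdf", "salt": salt.hex(),
                  "hash": _kdf(password.encode(), salt)}
    return True, record

if __name__ == "__main__":
    # Constructed sample record: a legacy unsalted MD5 entry.
    legacy = {"scheme": "md5", "hash": hashlib.md5(b"hunter2").hexdigest()}
    wrapped = wrap_legacy(legacy)
    ok, upgraded = verify_and_upgrade(wrapped, "hunter2")
    print(wrapped["scheme"], ok, upgraded["scheme"])
```

Accounts that never log in again stay on the wrapped scheme, which still removes bare MD5 digests from the stored data.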

12 Thank you!

