A Yahoo insider believes the hacked database could really be over 1 billion user accounts
The former Yahoo insider says the architecture of Yahoo's back-end systems is organized in such a way that the type of breach that was reported would have exposed a much larger group of user account information."I believe it to be bigger than what's being reported," the executive, who no longer works for the company but claims to be in frequent contact with employees still there, including those investigating the breach, told Business Insider. "How they came up with 500 is a mystery."
According to this executive, all of Yahoo's products use one main user database, or UDB, to authenticate users. So people who log into products such as Yahoo Mail, Finance, or Sports all enter their usernames and passwords, which then goes to this one central place to ensure they are legitimate, allowing them access.That database is huge, the executive said. At the time of the hack in 2014, inside were credentials for roughly 700 million to 1 billion active users accessing Yahoo products every month, along with many other inactive accounts that hadn't been deleted.
2015 court ruling show.
It's unclear how the hackers actually exfiltrated the database, and Yahoo has not commented further on how the breach happened or when it was discovered, citing an active investigation. Though it is certainly plausible that a hacker group could access a database but not steal everything within, lending credence to Yahoo's official number.
Yahoo declined to specify how many breach notification emails it sent out to affected users or how it reached the 500 million number.Are you a current or former Yahoo security employee? Reach out: firstname.lastname@example.org (PGP: 0CA0 6424 E782 71BC 1057 EA87 94EF FBA8 8948 80).
- PL 2021: Here’s a look at how Punjab Kings vs CSK play against each other
- Goa and Gurugram recorded highest single day of covid 19 cases today
- Wipro fears it may lose its employees to competitors as there is an explosion of IT jobs
- Citibank to exit consumer banking business in India
- Checkout what is allowed and what is not in the new guidelines issued by the Delhi government