Saturday October 01, 2016

Actual Number Of Stolen Yahoo Accounts Could Be Over 1 Billion

Yahoo may have severely underestimated how much information was actually leaked. This is based on the fact that the company has quite a few more active users than just 500 million, whose credentials are all stored in one centralized database.

Yahoo has said that the breach affected at least 500 million users. But the former Yahoo exec estimated the number of accounts that could have potentially been stolen could be anywhere between 1 billion and 3 billion. According to this executive, all of Yahoo's products use one main user database, or UDB, to authenticate users. So people who log into products such as Yahoo Mail, Finance, or Sports all enter their usernames and passwords, which then goes to this one central place to ensure they are legitimate, allowing them access. That database is huge, the executive said. At the time of the hack in 2014, inside were credentials for roughly 700 million to 1 billion active users accessing Yahoo products every month, along with many other inactive accounts that hadn't been deleted.

Comments