Privacy News Roundup 15 December 2016

One billion Yahoo users affected by hack

Yahoo has announced that one billion user accounts have been affected by a hack attack dating back to 2013. The hack is separate from an attack from 2014 in which 500 million accounts were believed to have been breached, and separate from a disclosure from September 2016. The recent hack was uncovered as part of investigations into the 2014 attack and included access to passwords, names, phone numbers and email addresses, but not payment or bank details. Users have been encouraged to change their passwords and security questions as soon as possible.

The billion-user mark is roughly Yahoo’s active monthly user figure, though many users have multiple as well as dormant accounts. Security expert Troy Hunt said the following about the hack:

This would be far and away the largest data breach we’ve ever seen. In fact, the 500 million they reported a few months ago would have been, and to see that number now double is unprecedented.

Yahoo hasn’t attributed the attack to any state-sponsored activity as they did with the previous incident. They’ve referred to the tampering of cookies, though, which gives us some useful insight into where the vulnerability may have existed in their system.

Yahoo was aware of a “state-sponsored” hack as far back as 2014, though it is still unclear in which country the hack originated. Yahoo has been criticized for only just publicly announcing the breach. The revelation is poorly timed since the company is in the midst of a $4.8bn proposed acquisition by mobile giant Verizon. It’s unclear yet how the latest hack will affect the bid. Mr Hunt said that Verizon had allegedly devalued Yahoo by $1bn after the 2014 hack revelation. It’s likely that the latest attack will be another thorn in the side of Yahoo, a company which has slipped somewhat behind the industry standards set by the likes of Google and Facebook.

Yahoo has announced that one billion user accounts have been affected by a hack attack dating back to 2013. Source: Wikipedia.

Cheating site Ashley Madison to pay $1.6 million to FTC

The dating website that offers extra-marital affairs, Ashley Madison, will pay $1.6 million to the Federal Trade Commission (FTC) for failing to secure the data of its 36 million users: user accounts were not deleted after users paid a $19 fee for deletion, and users were encouraged to sign up by fake accounts posing as “females”.

FTC spokesperson Edith Ramirez said the commission had agreed to a $17.5 million settlement, but Ashley Madison, through lack of funds, said it could only pay $1.6 million. Part of the settlement also obliges the company to implement a data security programme that is independently overseen.

The website was hacked in August, 2015, resulting in the disclosure of personal data, including names, usernames, partial payment data, passwords, address details, email addresses and transaction records. At the time, it was revealed that many users who had paid a fee for a “full delete” had been duped since Ashley Madison left the data on its servers for a year after the initial request.

It also came out that tens of thousands of the “female” profiles on the site had been fabricated to tempt men to spend money on the site. The FTC said that Ashley Madison had misrepresented the appeal of its site, as well as how secure its users’ data was and the validity of its “full delete” promise.

Hacked dating site Ashley Madison has been ordered to pay $1.6 million in fines.

Pirate Bay and others will be blocked in Australia

After a case initiated by some prominent copyright holders, Australia’s Federal Court has ordered numerous local Internet Service Providers (ISPs) to block access to The Pirate Bay, TorrentHound, IsoHunt, SolarMovie, Torrentz as well as numerous other proxy and mirror sites.

The move has been several years in the making and marks a legislative change that will clamp down on piracy sites in Australia. The change follows a case brought by a collection of large copyright holders, including 20th Century Fox, Roadshow Films, Disney, Foxtel, Paramount and Columbia, and now requires over fifty ISPs operating across Australia to block access to the sites.

Judge John Nicholas of the Federal Court ruled on 15 December that the major torrent sites mentioned above, as well as affiliated and non-affiliated proxy and mirror sites, will be barred. Since the beginning of the case, Torrentz, TorrentHound and SolarMovie have all shut down. Judge Nicholas agreed to the ban after concluding that the sites could re-emerge. The order does not cover a number of smaller, inactive Pirate Bay proxies and mirrors, for lack of evidence of infringement.

Judge Nicholas ruled that the piracy sites based overseas were in breach of Australian copyright law and gave ISPs fifteen days to comply with the blocking order. ISPs were given a choice of how to implement the order. The Judge said that ISPs must take all “reasonable” steps, including URL blocking, DNS blocking, IP address blocking or other “alternative technical means” approved by the copyright holders.

The Judge determined that when blocking occurs, consumers must be informed: ISPs must redirect users either to their own landing page or to a page put in place by the rights holders. It was also determined that ISPs will have to pay for putting the blocking mechanisms in place, though rights holders must pay AUS$50 per domain as well as covering the ISPs’ legal fees.

Australia’s Federal Court has ordered local ISPs to block access to various torrent sites including The Pirate Bay.
