Experts challenge Yahoo’s assertion that state-sponsored hackers were behind a 2014 breach that resulted in 500 million lost records.

A number of Democratic Congressional leaders wrote Yahoo CEO Marissa Mayer a letter seeking answers about the breach of 500 million customer records.

Crypto company Venafi points out potential holes in Yahoo’s processes and policies around cryptography and digital certificates, any of which could have been exploited in the breach to move data off the Yahoo network.

The massive Yahoo breach, this week’s Security of Things Forum, Mamba ransomware, and Google Allo are discussed.

Yahoo confirmed that in 2014 state-sponsored hackers stole information associated with 500 million accounts from its network.

Yahoo is expected to confirm a data breach that exposed hundreds of millions of credentials dating back to 2012.

Yahoo says it is investigating reports of 200 million user credentials advertised for sale on the Dark Web by a hacker that goes by the handle “peace_of_mind”. The Yahoo credentials, according to the site listing the database for sale, includes usernames, passwords (hashed using the MD5 algorithm), birthdates and backup emails for some accounts. The...

Yahoo has been given until August 31 to comply with a court order asking how the company was able to recover emails that were presumed deleted. Yahoo’s policy guide claims it cannot recover emails from a user’s account that have been deleted but defense lawyers for a convicted U.K. drug trafficker are speculating whether the company...

Yahoo today disclosed the contents of three National Security Letters it has received since 2013, the first time a company has made such a disclosure since the passage of the USA FREEDOM Act. Under the law, the FBI is now required to periodically review whether non-disclosure around National Security Letters remains appropriate. “We believe this...

Yahoo has forced a password reset on Tumblr account holders after it discovered that someone had accessed email addresses, and salted and hashed passwords from early 2013. A Tumblr spokesperson would not disclose who had accessed the data, where it was found, nor how many email addresses were impacted and how many of those are...