Yahoo Breach Exposes 500 Million Accounts, Merchants and FIs Should Be Safe From Additional ATO

September 27, 2016 — Yahoo Breach Exposes 500 Million Accounts, Merchants and FIs Should Be Safe From Additional ATO

Ryan Wilk, VP at NuData, comments on the effect on ATO fraud the recent Yahoo! breach will have.

Late last week, Internet search and content provider Yahoo acknowledged a data breach dating to 2014 that compromised the personal information of “at least” half a billion users. That’s as many compromised records in one intrusion as were reported in the entire first half of 2016 stemming from nearly 1,000 individual breaches. According to the company, which is involved in a pending sale of its core business to communications giant Verizon for nearly $5 billion, hijacked information includes names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers. Rumors of an intrusion surfaced this summer when a hacker named “Peace” claimed to have information on 200 million of those users for sale. That led to the discovery of the hack disclosed Thursday—one of the largest in history. While no payment-card information was reportedly at risk, a breach of this size and type normally affects merchants and financial institutions in the form of increased account takeover (ATO) fraud attempts. Because the breach is two years old, however, there may not be a surge in ATO fraud, according to Ryan Wilk, vice president of customer success at antifraud technology provider NuData Security. “From an ATO perspective, my thought is that most of the damage is done since the breach happened in 2014,” Wilk told “The Yahoo accounts that are actively being used by the correct account holder and would have value to a bad actor have undoubtedly been secured by now with a password update. There may still be accounts out there that can be accessed but they are more than likely junk accounts that had no value in the first place.”

For the complete article, go here.