1B Yahoo Accounts Breached, Facebook Chats That Aren't Private and Ransomware You Share


Another busy week in Threatwatch, Nextgov's regularly updated index of cyber incidents. 


FBI Investigates Yahoo's Billion-User Breach that Includes Feds' Info 

The FBI is investigating the breach of 1 billion Yahoo user accounts, a White House spokesman confirmed Thursday.

“There was a previously reported breach that the FBI had previously indicated that they were investigating and they’re investigating this situation as well, so I’ll let them speak to what they have found over the course of that investigation thus far,” White House Press Secretary Josh Earnest said during a Thursday press briefing.

Yahoo announced Wednesday that an unknown third party accessed personal information for the billion users in 2013, in what the company says is a separate incident from the breach of 500 million accounts, which it divulged in September but which happened in 2014.

Among the stolen information, which included names, passwords and security questions and answers, was the account information for 150,000 U.S. government and military employees, Bloomberg Technology reported. Those accounts provided official government email addresses from the White House, National Security Agency, FBI, CIA and other agencies as password recovery backups. 

Yahoo suggests the party behind the breach may be state-sponsored, as it did with the September announcement, though some security experts think it's criminals.

The company required affected users to change their passwords and invalidated unencrypted security questions and answers. It also suggests using a Yahoo Account Key, which validates accounts through a mobile phone instead of using a password.

The latest disclosure may affect the company's sale of its key web business to Verizon. The $4.8 billion deal was reached before Yahoo announced either breach. CNBC reported Yahoo's shares fell 5 percent Thursday.

All Those Facebook Messenger Chats Might Not Have Been Private

Researchers found a vulnerability in Facebook Messenger that could allow someone to read all text, pictures and attachments.

The flaw affects chats sent through the web and mobile applications for all 1 billion of Facebook Messenger’s active users. Facebook uses chat servers on a different domain from the main site, and a misconfiguration left chats vulnerable to a cross-origin bypass attack, The Hacker News reported.

The misconfiguration—called Originull—could allow an attacker to direct a victim to a malicious site and from that point on, the attacker could access all communication through Messenger.

“This was an extremely serious issue, not only due to the high number of affected users, but also because even if the victim sent their messages using another computer or mobile, they were still completely vulnerable,” said BugSec Chief Technology Officer Stas Volfus in a press release.

BugSec and Cynet researcher Ysrael Gurt disclosed Originull to Facebook’s bug bounty program and the company fixed it.

Share Ransomware, Get Your Stuff Unlocked

It’s a familiar pitch with a new twist: Share the product, get a discount. In this case, share the ransomware, get your data unlocked for free.

Popcorn Time encrypts files like most ransomware but it also offers the victim the choice to either pay cash (one bitcoin) or to spread the link, reports the Guardian. But like any other share-deal, it’s not enough to just send out the link: Two people have to pay up.

Popcorn Time appears to be under development still, according to MalwareHunterTeam, the security researchers who discovered it. The Guardian reports the code also has references to another feature that would delete files if a victim enters an incorrect key too many times.

“It is still not perfect, but it’s getting better. Infect more to get free key is already unique thing. This system is something you not see every day,” the researchers told Wired.