Just last week, Yahoo revealed that it had discovered a hack of about 500 million accounts, but a former Yahoo executive who is more familiar with the security practices has come out saying that more accounts might have been stolen than was revealed. The former Yahoo insider said that the whole architecture of Yahoo's back-end systems is designed in such a way that the reported hack would have exposed much more of the user information than was revealed.
The executive no longer works for the internet giant but said that he was still in contact with many people at the company. He said he believed the hack was bigger than what was being reported. From what he had heard, the company was still investigating the problem, so how it had arrived at the 500 million figure was a mystery.
However, in Yahoo’s defense, the company said that at least 500 million accounts had been affected. The former exec said that the number of affected accounts could range from 1 billion to 3 billion.
The former executive said that Yahoo's products used only one main user database, the UDB, to authenticate users. People who log into Yahoo products such as Mail, Finance, or Sports have therefore all entered their usernames and passwords.
This information would then go to that central place, where it would be verified as legitimate before access was allowed. Such a database is huge, the executive also noted. At the time of the hack, it is believed to have held the credentials and details of about 700 million to 1 billion active users who were accessing Yahoo products every month, together with some inactive accounts that had not been deleted at the time.
Back in 2013, Yahoo CEO Marissa Mayer said that the company had about 800 million monthly users globally, and it now has more than a billion users. The executive said that this is the kind of information that was hacked. He called it the crown jewel of Yahoo's customer credentials.
The Yahoo UDB is still considered the main repository for all the user credentials the company receives, and it is still in use, as some LinkedIn profiles of current Yahoo employees and a 2015 court ruling showed.
How the hackers actually took the information is unknown, and Yahoo has not yet commented on the problem. Yahoo also declined to comment on how it arrived at the 500 million number and on how many breach emails it had sent to affected users.