News in brief: Yahoo woes mount; Evernote backs down; ATM fraudster jailed

Your daily round-up of some of the other security stories in the news

Yahoo breach: woes mount after hack

The stolen details of 1bn Yahoo accounts have apparently been for sale on the dark web since last summer, according to the New York Times. Andrew Komarov, chief intelligence office at InfoArmor, told the NYT that three buyers had paid $300,000 each for a copy of the database. Komarov added that InfoArmor had also bought a copy of the Yahoo database and had approached military and law-enforcement folk in the US, Canada, Australia and the EU with it – but that he had not approached Yahoo directly because, he said, his company had been rebuffed when approached in the past.

Meanwhile, White House spokesman Josh Earnest said on Friday that the FBI was investigating the Yahoo hack. He told reporters: ““There was a previously reported breach that the FBI had previously indicated that they were investigating and they’re investigating this situation as well.”

Yahoo’s woes mounted on Friday as the fallout from the breach became clear, with Verizon, which had agreed in July to buy Yahoo’s core internet business for $4.8bn, was said to be looking for “major concessions” on the terms of the deal.

Evernote backs down on reading users’ encrypted notes

Evernote yesterday rowed back on a change it had announced to its privacy policy that would have meant its staffers could have read users’ encrypted notes.

Users rightly kicked up a stink when Evernote said it would be rolling out a change to its privacy policy in January that would allow “some Evernote employees to exercise oversight of machine learning technologies applied to account content … for the purposes of developing and improving the Evernote service”.

Evernote clearly thought better of the move after users took to Twitter to complain, saying in an apologetic blogpost on Thursday that it would not roll out the new privacy policy, although it did say that it “will make machine learning technologies available to our users” and went to on reassure users that “no employees will be reading note content as part of this process unless users opt in”.

It would probably be a good idea to watch out for further pings from Evernote if you are a user to make sure that you remain opted out of its push into machine learning.

ATM card skimmer jailed

Despite the growth of contactless payments and services such as Apple Pay, card fraud and skimming remains a scourge of the modern payments scene. Anyone who has been a victim of having their card ripped off in a compromised ATM will doubtless therefore be pleased that one skimmer, Robert Mate, a Romanian who was arrested in Spain, has been jailed for just under five years in prison by a judge in New Jersey.

Mate, who had pleaded guilty, was sentenced to 57 months by US district judge William J Martini at Newark Federal Court earlier this week for his role in what was described as “a vast ATM skimming scheme” that stole card and account details from compromised ATMs in Florida, New York, Connecticut, New Jersey and elsewhere. The US Department of Justice said that the scheme was one of the largest ever uncovered by law enforcement, and that it had “defrauded Citibank, TD Bank, Wells Fargo, and multiple other financial institutions out of at least $5m and impacted thousands of customers”.

Mate was one of a gang, said the DoJ, who had carried out the fraud, and that other members were still out there. Be careful when you put your card in an ATM.

Catch up with all of today’s stories on Naked Security