Yahoo confirmed that at least 500 million user accounts were compromised in late 2014, possibly by a state-sponsored actor, resulting in the possible theft of users' names, email addresses, phone numbers, birth dates, hashed passwords and encrypted and unencrypted security questions and answers. "The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected," wrote Chief Information Security Officer Bob Lord in a Thursday blog post. Lord said there's no evidence the state-sponsored actor is still in the network, but the company is working with law enforcement in an investigation. The company, which also provided FAQs about the breach, said it's strengthening network security and provided instructions for users to improve their account security. A spokesman for Verizon, which announced in July that it's acquiring Yahoo for $4.83 billion in cash (see 1607250016), tweeted Thursday that it was notified "with the last two days" of the incident, but has "limited information and understanding" beyond that there's an ongoing investigation.

Retailers must not only design security into their devices but also into consumer data "from initial acceptance, through transit to the data center and while in storage," wrote Michelle Tinsley, Intel director-mobility and payment security, in a Wednesday blog post. As the IoT becomes more prevalent, retailers are collecting more data about their customers to provide personalized services and products, but risks also are prevalent, she said. Tinsley said 13.1 million Americans were victims of identity theft in 2015, citing Javelin Research. "Typically it takes a consumer six months and $4,000 to clear the errors from their credit record," she wrote. One answer, she added, is encrypting the data from source to storage. Tinsley will join Jeff Zubricki, Walmart director-global public policy, to discuss the issue at an Electronics Transactions Association event Thursday.

FedEx is “deep into planning” for what it expects will be “another record peak holiday shipping season” for e-commerce packages, CEO Frederick Smith said on an earnings call. “Last year, we experienced 15 percent growth in peak season volume and delivered more than 325 million packages.” FedEx will dedicate six temporary facilities to oversized packages for peak holiday demand, said FedEx Ground CEO Henry Maier in Q&A on Tuesday's call.

Tech Data Corp. agreed to pay $2.6 billion for Avnet’s Technology Solutions unit in a stock-and-cash transaction, Avnet said Monday in a news release. The unit is a distributor of IT services, including cloud and data center services. The companies, which have been competitors, also plan to partner on IoT services, Avnet said.

Autonomic debuted a music streamer, using the company’s eAudioCast audio-over-Ethernet technology, that’s designed to make it easier for integrators to bring streaming capability to wired Autonomic whole-home audio systems. The streamer gives integrators a new entry-level offering in a single- or dual-stream solution that works with any Autonomic eSeries amplifier or as a single-stream music player within a third-party control system, Aaron Chisena, global sales director, told us in Dallas at the CEDIA show.

About 7.9 million new domain names were registered globally in Q2, domain registry Verisign said Thursday. The new registrations indicated a 2.4 percent growth rate over Q1 (see 1607200047) and 12.9 percent growth over the same period in 2016, the company said. The new registrations brought the global number of domain names up to 334.6 million as of June 30, including more than 143 million names using the .com and .net top-level domains, Verisign said: There were 127.5 million .com domain names and 15.8 million .net domain names June 30.

NTIA plans the first meeting of its multistakeholder process on cybersecurity upgradeability of the IoT Oct. 19 in Austin. NTIA said in August it was launching the IoT cybersecurity multistakeholder process on developing ways to improve consumers’ understanding of cybersecurity upgrades to IoT products (see 1608020060). The meeting will focus “on security upgradeability and patching, and to establish more concrete goals and structure of the process,” NTIA is set to say in Monday's Federal Register. The meeting also will be on how the process will be structured, including forming working groups on specific issues, and setting out “concrete goals” for the process, NTIA said. Future meetings will “encourage and facilitate continued discussion among stakeholders to build out a mapping of the range of issues, and develop a consensus view of a consolidated set of potential definitions,” NTIA said. “Discussions will also cover best practices for sharing security information with consumers. This discussion may include circulation of stakeholder-developed strawman drafts and discussion of the appropriate scope of the initiative.” The meeting is 10 a.m.-4 p.m. in the Renaissance Austin Hotel's Trinity Ballroom.

Dish Network, Frontier Communications, Charter Communications, Hughes Network and EarthLink and sales agents Infinity Sales Group and GoDish.com were part of a broadband "bait and switch advertising scheme" involving RedPlum advertising mailers, said an amended complaint (in Pacer) filed Wednesday in U.S. District Court in Tampa, Florida. Consumers routinely get RedPlum mailers advertising broadband offerings at particular speeds and prices, but none of those offers was available as a free-standing service at the lowest-advertised prices, alleged plaintiff TruthInAdvertisingEnforcers.com -- "a fictitious business name" registered to Gerald Collette, a Holiday, Florida, resident, said the lawsuit. RedPlum can target mailings down to the sub ZIP code level, Collette said, but none of the defendants advertising their services at special prices provided a means by which consumers could get the advertised services at advertised price. Fine print in the ads may refer to limited availability of product, but "the size, position and lack of prominence of ... the fine print in such advertisements were, in comparison to the material statements promoting the Advertised Bargains, inadequate," Collette said. Defendants didn't comment Thursday. The complaint was the fourth amended complaint filed by TruthinAdvertisingEnforcers.com.

Government managers surveyed said they were largely satisfied by the technological assistance received from the General Services Administration's 18F team and the U.S. Digital Service (USDS), which is part of the Office of Management and Budget, in helping agencies address problems with IT projects, GAO reported Wednesday. Of the 32 18F projects and 13 USDS projects underway or completed as of August 2015 across 11 agencies, respondents said they were "very satisfied" with 22 projects and "moderately satisfied" with 10. There were no responses for nine projects. The teams provide consulting services including quality assurance, identification of problems and software engineering.

Control4 will hit CEDIA Expo Thursday with three software announcements: an operating system refresh, dealer remote management tool and voice control integration, starting with Amazon’s Alexa voice engine, said Brad Hintze, senior director-product marketing. New features in the latest Control4 v2.9 operating system give dealers an opportunity to upgrade existing customers, and provide bug fixes and software enhancements, Hintze said. The company also worked with Amazon engineers to expand what was possible within the Alexa smart home skill and is the first company to release Alexa scene capability, Hintze said. Control4 is enabling voice control of lighting, including scenes, thermostats and the ability to add, remove and rename devices without dealer involvement. The Control4 platform supports 9,900 devices, he said, including Sonos speakers and Comcast/Xfinity’s latest set-top boxes.