Yahoo confirmed this Thursday that back in 2014 over 500 million user accounts were hacked for their personal information.
The initial hacking which took place a couple of years ago was recently confirmed and made public by Yahoo. The company explains that a significant amount of information was breached by a suspected “state-sponsored” entity. The exact details on the hacker still remain widely debated and unknown.
This hack on one of America’s largest companies is said to be the largest of all time. That record was previously held by MySpace, which was hacked this summer.
Many people are at risk because of Yahoo’s wide-spread coverage of services in sectors such as: finances, email, and fantasy sports. Earlier this year, a security analyst the company suspected that 200 million account had their data stolen and then sold online; that number has grown over two-fold.
While the exact contents of what was stolen is unknown, there are various speculations. Yahoo believes that both unencrypted and encrypted data were stolen, such as: emails, phone numbers, passwords, and security question answers. Combining all of this data makes accessing victims accounts extremely easy. Some good news, however, is that no bank account information or unhashed passwords were stolen.
CISO of Yahoo, Bob Lord, made a statement today and released an email to potential victims of the hack. In a marketing ploy, Lord pitched Yahoo Account Key as a safe alternative to passwords on Yahoo. Lord says,
An increasingly connected world has come with increasingly sophisticated threats. Industry, government and users are constantly in the cross hairs of adversaries. Through strategic proactive detection initiatives and active response to unauthorized access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure.
Word of this hack comes just weeks after Verizon announced that it would be acquiring Yahoo for $4.8 billion. Sources also confirm that Verizon only became aware of this 2014 hack at the beginning of this work week.
Security news blogger Graham Cluley gave insight on what Yahoo users worried about being victims should do.
Reset your Yahoo password. Make it a strong, complex password — and make sure that you are not using the same password anywhere else on the net. Yahoo says it is recommending that all users who have not changed their passwords since 2014 do so.
If you were using the same password in multiple places, you need to get out of that habit right now. Reusing passwords is a disaster waiting to happen, and could allow hackers to crack open other accounts using the same credentials.
Invest in a decent password manager program to generate random, hard-to-crack passwords, store them securely and remember them for you.
Watch out for phishing emails that pretend to come from Yahoo.
And yes, if you haven’t already done so, enable two-step verification on your Yahoo account.
Yahoo will continue looking into the incident and alert users and shareholders as more information surfaces.