The San Francisco-based tech giant reported Thursday a massive theft of account information, telling its users at least 500 million accounts may have been compromised in a 2014 hack.
Advertisement
Yahoo’s chief information security officer, Bob Lord said in a blog post that account information taken “may have” included names, email address, telephone numbers and dates of birth.
Yahoo didn’t find evidence of that reported hack, but additional digging later uncovered a far larger, allegedly state-sponsored attack.
“Yahoo is working closely with law enforcement on this matter”, the company said in a statement.
“We typically see a 0.1 percent to 2 percent log-in success rate from credential stuffing attacks, meaning that a cybercriminal using 500 million passwords to attempt to take over accounts on another website would be able to take over tens of thousands of accounts on most websites”, said Shuman Ghosemajumder, Google’s former click-fraud czar and CTO of Shape Security.
Yahoo info breach could even affect.
The news of this data breach couldn’t come at a worse time for Yahoo and it poses more severe problems for CEO Marissa Mayer who is closing on a deal with Verizon to sell Yahoo for $4.8 billion. ” Of course, this is still an ongoing investigation, and for those who have credit card or bank information linked with Yahoo, it’s time to review that data and secure it as well”.
Suspicion of a hack first arose in August, according to CNN Money, when a someone tried selling information from 200 million accounts. Peace has previously claimed responsibility.
Thank God Spark is finally ridding itself of its Yahoo, the current provider of its Xtra Mail service (from January it’s moving customers to the Sam Morgan-backed SMX). In addition, the company is invalidating unencrypted security questions and answers so they can not be used to access an account. Yahoo is also asking anyone who hasn’t changed their password since 2014 to do so for good measure. Yahoo is now warning users to change passwords and watch for suspicious activity.
“We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities”, the company said in a statement. Chalyam said a password of at least eight characters, with upper and lower case letters and special characters included, make strong passwords.
Advertisement
According to Yahoo’s Chief Information Security Officer Bob Lord, they don’t think “the state-sponsored actor is now in Yahoo’s network”, but in light of the data breach Yahoo is asking all users to change their passwords and secure their accounts.
