The US internet giant Yahoo says seemingly state-sponsored hackers stole the information of half a billion of its users back in 2014, in what appears to be the largest publicly disclosed cyber-breach in history.
Advertisement
The company said that the perpetrators may have stolen names, email addresses, telephone numbers, dates of birth and encrypted passwords.
The company is investigating the breach with law enforcement but now believes that credit card or bank details were not included in the stolen data.
Verizon, the United States telecoms firm which agreed to buy Yahoo’s main internet operation in July, said it was alerted to the breach by Yahoo “within the last two days”.
Yahoo! has also taken steps to secure accounts of affected users.
Handy urges users to change their password and security questions. Also don’t download links or attachments from unknown senders or suspicious email ids. In such attacks, criminals use automated programs to cycle through stolen user IDs and passwords and log into personal accounts on sites such as banks, travel firms and online gaming firms.
Over 500 million accounts were compromised in the data breach, which happened in 2014, and the company is now taking action to protect affected users.
So what should you do if you have a Yahoo account?
Yahoo has no evidence that the stolen bcrypt-protected passwords or security questions and answers were used to gain unauthorized access to Spark accounts.
U.S. officials have hinted that China might be to blame for a 2015 breach at the U.S. Office of Personnel Management, in which background files and even fingerprints of millions of federal employees were stolen.
At the moment, it is not clear when the company learnt about the hack and why it took them two years to admit to it. If you use the same questions or passwords for any other account as you do on Yahoo, you need to go and fix those as well.
“The idea that ‘I don’t use that account any more, I don’t have to worry about it.’ – in most cases, unfortunately that’s wrong”, he said. All Yahoo account holders should also change their security questions and answers.
Stephen Gates, chief research intelligence analyst at NSFocus, said: “In 2012, the number of potentially compromised user credentials was estimated to be around 450,000”.
Corey Williams, from security software firm Centrify, said: “Yahoo may very well be facing an existential crisis”. “If no financial information or Social Security numbers are involved, then most state laws would not require notification and credit monitoring would not be applicable”, Freedman said.
“We’re committed to keeping our users secure, both by continuously striving to stay ahead of ever-evolving online threats and to keep our users and platforms secure”.
Spark advised all Xtra users to regularly update their account settings with a strong, difficult-to-predict password.
Advertisement
That is a daunting task when dealing with advanced adversaries who can easily delete records of where inside Yahoo’s network they were and which computer servers they used to remove data.
