As a result of the company’s “failure to establish and implement basic data security protocols, contrary to Yahoo’s guarantees, its users’ personal information is now in the hands of criminals and/or enemies of the USA”, according to the latest complaint, filed Friday in federal court in San Jose, California.
Advertisement
According to Yahoo’s statement on Thursday, user information including names, email addresses, phone numbers, birth dates and encrypted passwords had been compromised in the breach. The data does not include unprotected passwords, payment card data, or bank account information. “But some of the most valuable user data was not taken”, the company says.
Yahoo suffered a security breach back in late 2014, and in August of this year, a hacker named “Peace” was found to be shopping around 200 million usernames and passwords for sale online.
Yahoo is under pressure to release more details on the attack and explain why it took so long to detect. The company is also invalidating unencrypted security questions and answers so that they can’t be used. Don’t use the same passwords on multiple accounts because if one gets hacked, that could give crooks the key to other accounts, too.
The data breach is not good news for the company when Verizon is in talks to acquire Yahoo. “If you’ve already registered to have your email moved to SMX, you don’t need to do that again – any changes you make to your password will be applied to the new system”. “As a predication for the minority of our customers who use Yahoo mail, we are advising those who haven’t changed their passwords post-December 2014 to change them”.
Also, the email will not ask users to click on a link and will not contain any attachment.
Yahoo is recommending that any of its users that haven’t changed passwords since 2014 to change them.
The Yahoo compromise dwarfs the 360 million password breach that hit MySpace revealed earlier this year and the 117 million user theft that blasted LinkedIn in 2012.
Advertisement
A suit filed Friday in San Jose federal court accused Yahoo of “failure to establish and implement basic data security protocols”, with the result that “users’ personal information is now in the hands of criminals and/or enemies of the U.S”. Obviously make sure you unsubscribe from any paid services before deleting your account otherwise you could still be charged.
