Yahoo! has confirmed that details of over 500 million of its users’ accounts were stolen by what it believes was a state-sponsored attack. However, the company’s investigation suggests that information stolen did not include unprotected passwords, debit or credit card data, or bank account information.
Advertisement
An investigation by the company has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor.
Users of Yahoo online services were urged to review accounts for suspicious activity and change passwords and security question information used to log in anywhere else if it matched that at Yahoo.
The incident overshadows a $4.8 billion deal in which Yahoo agreed in July to sell its core internet business to USA telecommunications company Verizon Communications.
On 1st August, technology news site – Motherboard said that a cyber criminal known as Peace was selling the data of about 200 million users of Yahoo but did not confirm its authenticity.
Any unencrypted security questions and answers will be invalidated, meaning that users will have to submit new ones.
There are a number of steps people can take to protect themselves from hackers, like changing their email passwords often and having separate passwords for every account.
Thorsheim also noted that because the breach happened just two years ago, there’s a high probability many of those impacted are still using the same passwords.
Experts said Yahoo users should also turn on login verification, which will implement a text-message alert or phone call if someone tries to access an account from an unrecognized computer. “Avoid clicking on links or downloading attachments from such suspicious emails”.
The search engine is set to be acquired by U.S. network operator Verizon but a hack of this magnitude is sure to influence the value of the $4.8 billion (~R65.1 billion) acquisition.
Advertisement
On Thursday, Yahoo said 500 million accounts were compromised. The hashed passwords mostly used bcrypt, which adds “salting and multiple rounds of computation” as part of the encryption protection scheme, according to Yahoo. “We will evaluate as the investigation continues”, Verizon said.
