The data stolen may have included names, passwords, telephone numbers and email addresses.
Advertisement
If you haven’t changed your password since 2014, you should.
Given Yahoo’s near constant decline in users the chances are the majority of the account details accessed in the hack do not relate to now used accounts, but that ultimately is besides the point given that people often use the same password and security questions across multiple sites, meaning the benefit of the data is its potential use for identity theft on other services.
Yahoo is encouraging all users to change their passwords, security questions and security answers for their Yahoo accounts and any other accounts for which they may have used the same information.
Hackers could also use such personal information to concoct bogus emails and send them to a person’s Yahoo account, in what might be a sophisticated “phishing” scheme aimed at getting the target to click on a link containing “spyware” or other malicious computer code.
Due to the scale of the Yahoo breach, and because users often recycle passwords and security answers across multiple services, cyber security experts warned the impact of the hack could reverberate throughout the internet. Interestingly, in late 2015, Yahoo said it would start alerting customers if their accounts were suspected to have been attacked by “state-sponsored” threat actors.
Sensitive financial data, like bank account numbers and credit card information, isn’t believed to have been stolen, Yahoo says. It’s also possible that the attackers got in even after Yahoo took a stronger security stance.
Yahoo was already facing a steep decline in email traffic, despite CEO Marissa Mayer’s efforts to upgrade the service in order to foster more user loyalty.
Yahoo has confirmed a data breach that compromised the data of several hundred million users.
A few days after Verizon and Yahoo agreed to the .8 billion deal, Motherboard’s Joseph Cox reached out to Yahoo with questions regarding a listing for account credentials on a dark web marketplace.
A hack of the computer systems at the USA government’s personnel office compromised the personal information of more than 21 million current, former and prospective federal employees, including highly sensitive data such as background investigations. But the investigation will likely lead to findings that perhaps 5% of users have left Yahoo and that could yield a lower price for Verizon.
That’s when high-tech thieves hacked into Yahoo’s data centres, the company said.
The Yahoo theft represents the most accounts ever stolen from a single email provider, according to computer security analyst Avivah Litan with the technology research firm Gartner Inc. At the time, Yahoo disclosed that the breach was the result of a SQL injection flaw. One executive told Recode that the former head of information security tried unsuccessfully to have top management respond more strongly to such security incidents.
“It’s a shocking number”, Litan said.
Advertisement
As always with these hacks, you should change your Yahoo password if it has been the same since late 2014. To ensure that users have the ability to confirm that this outreach comes from a legitimate source, they are making public the content of the email that they will be sending.
