
What Consumers Need to Know About the Yahoo Security Breach

Yahoo is blaming a state-sponsored actor for the hack and data breach, and says the investigation is ongoing.


The investigation into the breach, which affects eight million United Kingdom user accounts and which Yahoo said happened in late 2014, is continuing. “I’m not entirely sure that the scale of this is going to be limited to Yahoo.” This information, along with answers to security questions, could help hackers break into victims’ online accounts.

The company said affected users will be notified by email. The company said the attacker didn’t get any information about its users’ bank accounts or credit and debit cards. Unprotected passwords weren’t part of the breach, Yahoo said, but hashed or digitally obscured passwords may have been taken.

Yahoo believes that the cybersecurity breach was “state-sponsored” – a hacker working for a government – and is working closely with law enforcement officials in their investigation.

“We’re seeing yet another very large, massively large-scale breach occurring,” said Paul Dant, chief strategist at Independent Security Evaluators.

While some users feel phone numbers and names might not be private information, experts say the worst has yet to come. The authority noticed the triumph of selling its users’ information.

And users need to “promptly change their passwords and adopt alternate means of account verification”.

So perhaps the better question might be – why didn’t Yahoo warn its account holders of the possibility of an attack and urge them to change their passwords regardless? Yahoo is also asking anyone who hasn’t changed their password since 2014 to do so for good measure.

When reports of a major hack on Yahoo in 2012 circulated earlier in the summer, the company provided us with a somewhat high-handed response: “We are aware of a claim”.

What should a Yahoo user do? Go change your passwords! Tom Scott of the University of SC recommends changing passwords every 90 days, using two-factor authentication, and creating complex passwords with numbers, characters and upper and lower case letters.

By now many users of other email services will have moved beyond mere password-based security, with Google now supporting two-factor authentication and many iPhone users locking their mobile email services with biometric security.

Review your accounts for suspicious activity. Consider taking a sentence you can remember and adding multiple different numbers and symbols throughout. Just mark suspicious emails as spam. “Avoid clicking on links or downloading attachments from such suspicious emails.”

Yahoo is sending users an email and posting additional information on their website.

The sale was advertised on the “dark web” – something that can be accessed only using Tor – but that was found to be inaccurate.

In the complaint, the plaintiffs allege their private information was compromised. If you’re asked to verify your password or other information, don’t do it.


Yahoo Inc. made it known that at least half a billion Yahoo accounts were hacked; the theft marks the world’s biggest cyber breach in history.
