Share

Yahoo says at least 500 mln accounts hacked in 2014

This is no doubt the largest online data breach, beating the LinkedIn hack some months ago.

Advertisement

“Inc. has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor”, the company wrote in the statement. Any unencrypted security questions and answers will be invalidated, meaning that users will have to submit new ones.

However, as per analysts, the hack had a “limited” potential for damage, despite its mammoth scale, because the financial information of the users was not compromised by the hackers.

Yahoo also says it is contacting affected users and asking them to supply “alternate means of account verification”.

Yahoo said the attack was committed by a “state-sponsored actor”. An investigation into the hack is ongoing, Yahoo!

Yahoo’s investigation suggests that information did not include unprotected passwords. The hashed passwords mostly used bcrypt, which adds “salting and multiple rounds of computation” as part of the encryption protection scheme, according to Yahoo. All Xtra customers who have not changed their password or security questions since 2014, or are unsure if they have, should do so now on the Spark website using this link: www.spark.co.nz/changepassword.

In July, Verizon agreed to acquire Yahoo’s core business for $4.8 billion.

Yahoo didn’t say how the hackers broke into the company’s network or which country may have sponsored the attacks. The deal is expected to close in the first quarter of 2017. Some personal information such as names, phone numbers, dates of birth and unencrypted security questions and answers were stolen.

Verizon issued its own statement on the matter saying, “Within the last two days, we were notified of Yahoo’s security incident”.

Advertisement

So if you are a Yahoo user, please make sure you promptly change your passwords, and even those accounts that you have similar credentials with, just to be sure. The company said it will “evaluate as the investigation continues”.

Dancing at Yahoo