Stolen data includes user names, email addresses, telephone numbers, birth dates, hashed passwords and the security questions and answers used to verify an account holder’s identity.
Advertisement
In a statement released on Thursday, Yahoo’s Chief Information Security Officer Bob Lord said that the information was stolen from the company’s network in late 2014, Fox News reported.
That account information could include users’ names, emails, phone numbers and dates of birth, Yahoo said. The company already took steps to secure users accounts such as invalidating unencrypted security questions and answers and requesting them to change their passwords especially those who haven’t changed their passwords since 2014. Prior to the Yahoo attack, Peace was infamous for offloading hacked data from MySpace and LinkedIn. Although Yahoo did not specify this, it’s unlikely any protected health information or personally identifiable information would reside in those accoounts either.
If you have not changed your Yahoo password since 2014, the company advises that you do so now.
The telecom giant says it “will evaluate” the ongoing investigation and now has “limited information and understanding of the impact” as Yahoo only informed Verizon of the security incident “within the last two days”.
“This is what we should expect and continue to see as companies don’t protect information as much as they should”, he said.
At the time, Yahoo said it was “aware of the claim”, but declined to say if it was legitimate.
This timescale leaves Verizon with wiggle room to renegotiate the purchase price or even back out if it believes the security breach will harm Yahoo’s business. “The hackers probably attacked slowly, and quietly, without anyone watching”, Kremez said.
“Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry”, Yahoo! said in a statement. Yahoo did not find any evidence that that the hacker is still inside its network. The method reportedly makes it hard for hackers to decrypt the data.
Thorsheim also noted that because the breach happened just two years ago, there’s a high probability many of those impacted are still using the same passwords.
Advertisement
Finally, Yahoo! recommends not click links or download attachments from email addresses “suspicious” and to be vigilant on any request on a request for personal information.
