According to Reuters, Yahoo Inc said on Thursday that information associated with at least 500 million user accounts was stolen from its network in 2014 by what it believed was a "state-sponsored actor."
Details include names, passwords, email addresses, phone numbers and security questions. The company says the passwords that hackers stole were encrypted. Criminals use compromised data of this kind to hijack user identities for fraudulent purposes. Users should be wary of any emails purporting to come from Yahoo, particularly if they prompt the users to click any links, download any attachments or give out any personal information. Yahoo is blaming the hack on a “state-sponsored actor.”
It's the largest-ever publicly disclosed data breach, and it could affect a lot more than your email account. Apart from the scale of this breach, which impacts half a billion users, what’s astonishing is how long it took Yahoo to discover the breach. Many high-profile companies have suffered serious data breaches, including LinkedIn and Sony. The compromised security at Sony, the global games company, allowed criminals to access data from 20 million accounts, including email addresses, phone numbers, passwords, and in some cases credit card numbers.
Below are the 5 largest previous breaches, according to haveibeenpwned.com:
The timing of all this could not be worse for Yahoo. It had agreed a deal in July to sell its internet business to Verizon for $4.8bn. Last night's breach announcement must raise questions about the completion of that deal. What is surprising is that Verizon only learned about the issue in the last two days, and claims to have limited information about it.
Yahoo is recommending that people change their password, and also change the password anywhere else they may have re-used that information. Ideally, they should stop re-using passwords altogether.
IT managers are more aware of password security than most, not least because when company and financial systems are at risk there are serious consequences for them. A data breach can often take time to be noticed, but it eventually comes to light through identity theft, lawsuits or substantial corporate expenses.
Your new strong passwords should use all of the following:
One more word of caution. Hackers know that any large data compromise, like the Yahoo attack, will make people nervous. It’s their favorite time to send out phishing emails with the end goal of getting people to change their passwords on fake websites with fake login screens. Passwords should always be updated by going directly to the site, never by clicking on a link in an email. Remember, network security is all about layers: always keep anti-spam, antivirus and other network security solutions updated.
If you'd like to talk to a security specialist about any network security issues, email us at firstname.lastname@example.org