September 23, 2016

Yahoo Data Breach Compromises Half a Billion User Accounts

Yahoo has finally confirmed the results of its investigation of a data breach and it does not make for pretty reading. The technology giant has stated that at least 500 million users’ account details have been compromised.

Yahoo has confirmed a staggering data breach that saw information stolen from the company’s network in late 2014, one that the company believes stemmed from a state-sponsored hacker. The alleged cybercriminal stole information associated with “at least 500 million user accounts”, Yahoo said, while adding that the investigation did not find any evidence that the hacker is still in Yahoo’s network.

Yahoo believes the following information may be compromised. The technology giant stated:

The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

The company also confirmed that it is working with law enforcement, aiding investigations of the data breach.

Yahoo is reaching out to potentially affected users with information to help secure their accounts. Chief among the measures are invalidating unencrypted security questions and answers and, of course, asking potentially affected Yahoo users to change their passwords. In a sweeping move, Yahoo is also recommending all users change their passwords if they haven’t done so since 2014.

The fallout also represents a threat to other online accounts belonging to Yahoo users if the same credentials and security information are used in those accounts.

In its press release, Yahoo insisted that online breaches and thefts by state-sponsored hackers have become commonplace across the technology industry. The company revealed that Yahoo and other major technology companies have launched programs to detect and notify users proactively when there is suspicion of a state-sponsored hacker targeting a user account. Yahoo’s program began in December 2015 and has, thus far, issued notices to 10,000 users.

LIFARS recommends Yahoo users change their account passwords immediately. An FAQ issued by Yahoo with additional details of the breach and how users can secure their accounts can be found here.

Image credit: Pixabay.

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
