September 23, 2016

Yahoo Data Breach Compromises Half a Billion User Accounts

Yahoo has finally confirmed the results of its investigation into a data breach, and the findings do not make for pretty reading. The technology giant has stated that at least 500 million users’ account details have been compromised.

Yahoo has confirmed a staggering data breach that saw information stolen from the company’s network in late 2014, one that the company believes stemmed from a state-sponsored hacker. The alleged cybercriminal stole information associated with “at least 500 million user accounts”, Yahoo said, while adding that the investigation did not find any evidence that the hacker is still in Yahoo’s network.

Yahoo believes the following information may be compromised. The technology giant stated:

The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

The company also confirmed that it is working with law enforcement, aiding investigations of the data breach.

Yahoo is reaching out to potentially affected users with information to help secure their accounts. Chief among the steps it is taking are invalidating unencrypted security questions and answers and, of course, asking potentially affected Yahoo users to change their passwords. In a sweeping move, Yahoo is also recommending that all users change their passwords if they haven’t done so since 2014.

Furthermore, the breach also threatens other online accounts belonging to Yahoo users if the same credentials and security information are reused there.

In its press release, Yahoo insisted that online breaches and thefts by state-sponsored hackers have become commonplace across the technology industry. The company revealed that Yahoo and other major technology companies have launched programs to detect and notify users proactively when there is suspicion of a state-sponsored hacker targeting a user account. Yahoo’s program began in December 2015 and has, thus far, issued notices to 10,000 users.

LIFARS recommends Yahoo users change their account passwords immediately. An FAQ issued by Yahoo with additional details of the breach and how users can secure their accounts can be found here.


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
