Yahoo has finally confirmed the results of its investigation of a data breach and it does not make for pretty reading. The technology giant has stated that at least 500 million users’ account details have been compromised.
Yahoo has confirmed a staggering data breach that saw information stolen from the company’s network in late 2014, one that the company believes stemmed from a state-sponsored hacker. The alleged cybercriminal stole information associated with “at least 500 million user accounts”, Yahoo said, while adding that the investigation did not find any evidence that the hacker is still in Yahoo’s network.
Yahoo believes the following information may be compromised. The technology giant stated:
The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.
The company also confirmed that it is working with law enforcement, aiding investigations of the data breach.
Yahoo is reaching out to potentially affected users with information to help secure their accounts. Chief among them are invalidating unencrypted security questions and answers and, of course, asking potentially affected Yahoo users to change their passwords. In a sweeping move, Yahoo is also recommending all users change their passwords if they haven’t done so since 2014.
Furthermore, the fallout also represents a threat to other online accounts belonging to Yahoo users – if the same credentials and security information are used in other accounts.
In its press release, Yahoo insisted that online breaches and thefts by state-sponsored hackers have become commonplace across the technology industry. The company revealed that Yahoo and other major technology companies have launched programs to detect and notify users proactively when there is suspicion of a state-sponsored hacker targeting a user account. Yahoo’s program began in December 2015 and has, thus far, issued notices to 10,000 users.
LIFARS recommends Yahoo users change their account passwords immediately. An FAQ issued by Yahoo with additional details of the breach and how users can secure their accounts can be found here.
Image credit: Pixabay.