It’s been announced that at least 500m Yahoo accounts have been breached.
Personal data includes names, passwords, emails, phone numbers, and security questions. Yahoo was officially hacked in early 2014 by a state-sponsored hacking collective. Yahoo is currently investigating the hack in cooperation with law enforcement. Yahoo stated that it does not believe any bank or credit card details were compromised in the hack.
“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information. Payment card data and bank information are not stored in the system that te investigation has found to be affected,” Yahoo said in a statement.
Yahoo has begun notifying users who were affected. Anyone who hasn’t changed the password to their Yahoo account since 2014 should probably change it now. Yahoo also stated that they did not breach security questions, so there will be no way for hackers to get access to the accounts.
“Yahoo encourages users to check their online accounts for suspicious activity and to change their password and security question and answers for any other accounts on which they use the same or similar information used for their Yahoo account,” the statement went on.
Yahoo also says users should be careful, and watch for any emails from Yahoo containing links, attachments, or downloads, and that Yahoo is not asking for any personal information from its users.
U.S. Senator Mark Warner describes the breach as being a huge serious problem.
“White its scale puts it among the largest on record, I am perhaps most troubled by news that this breach occurred in 2014, and yet the public is only learning details of it today,” he stated.
Kurt Baumgartner from Kaspersky Lab said:
“The company has demonstrated that it isn’t quick to implement best practices and available security technologies, such as the delay in encrypting IM communications, implementing https for its web properties and more. These types of breaches highlight why all companies, need to be cybersecurity leaders, not followers.”