Yahoo has just confirmed hackers stole personal information from approximately 500 million users in 2014. The breach has been classified as the largest publicly disclosed cyber-breach in history, but we’re only being told about it now.
Although Yahoo announced it was investigating a data breach earlier this summer, at the time they believed only 200 million accounts were affected. Although even that figure is way too high.
The breach involved the theft of names, emails, phone numbers, birth dates and scrambled passwords, as well as “unencrypted security questions and answers” that assist in cracking passwords.
However, according to Yahoo’s website, not everything was stolen. “The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected,” the website said.
Yahoo believes the attack was state-sponsored, which involves online instructions and thefts by state-sponsored actors. They said these were becoming “increasingly common across the technology industry” and that they had now launched a program to “detect and notify users when they suspect a state-sponsored actor has targeted an account.”
The FBI has confirmed they are investigating the attack, and Yahoo is currently notifying all users who might have been affected. They’re also in the process of invalidating affected users’ security questions so they cannot be used to gain access to accounts. Yahoo has advised all users who haven’t changed their passwords since 2014 to do so immediately as a precaution.
Everyone should also be extremely wary of any emails claiming to come from Yahoo, particularly if they ask users to click on links, give away personal information or download attachments.
While Yahoo is working hard to reestablish their reputation, the breach could jeopardise the company’s $4.8 billion sale of Yahoo’s business to Verizon, which was announced in July.
“Yahoo may very well be facing an existential crisis,” said Centrify representative, Corey Williams. “Already besieged by business execution issues and enduring a fire sale to Verizon, this may be the straw that breaks the camel’s back.”
US Senator Mark Warner, also voiced his opinion. “While its scale puts it among the largest on record, I am perhaps most troubled by news that this breach occurred in 2014, and yet the public is only learning details of it today,” he said.
Yahoo is scrambling to “fix” the issues, but for many people it’s already too late.