‘State-sponsored’ Yahoo hack hit 500m users
YAHOO is facing demanding questions on why it took two years to inform 500 million users that their personal details had been stolen in what is believed to be the biggest attack on any company’s computer network.
The revelations today put pressure on the $6.33 billion deal in which Verizon is set to buy out Yahoo, with Recode reporting that executives at Verizon are angry they were not informed of the severity of the attack when making the deal.
The massive size of the hack has come as a surprise even though there have been rumours for weeks that Yahoo was hit in a security breach in 2014.
Back in June, a hacker who goes by the name of Peace claimed to have 200 million user accounts and was looking to sell them online. The same hacker had previously stolen data from MySpace and LinkedIn.
Yahoo says that the stolen information includes “hashed passwords”, meaning passwords that have been converted into a seemingly random string of characters, but not unprotected passwords.
It is difficult to imagine how @yahoo could have handled this security breach worse. You deserve the anger you're facing, Yahoo.
— Joel Burton (@wjoelburton) September 22, 2016
In a statement today, Yahoo admitted that its systems had been breached and that details including names, email addresses, telephone numbers, birth dates and even security questions were stolen by someone it described as “a state-sponsored actor.”
“Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen,” the statement said.
“Yahoo is working closely with law enforcement on this matter.”
Yahoo is recommending its users update their password if they have not done so since 2014. That advice extends not just to those who use Yahoo Mail but also to those who use Yahoo services such as Flickr and Tumblr.
Yahoo has started contacting potentially affected users and urged them to create new security questions so that the old ones can no longer be used to access their account.
In the statement, Yahoo said “online intrusions and thefts by state-sponsored actors have become increasingly common”. Yahoo launched a program last year to alert its users when it had been the victim of such a hack, although so far the program had only identified 10,000 people — a figure far short of the 500 million now revealed.
Yahoo recommends that all of its users take four steps:
• Change your password and security questions and answers for any other accounts on which you use the same or similar credentials as the ones used for your Yahoo Account.
• Review your accounts for suspicious activity.
• Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
• Avoid clicking on links or downloading attachments from suspicious emails.
The Sunnyvale, California-based company, led by CEO Marissa Mayer, has one billion monthly active users.
— additional reporting Reuters