Yahoo says “state-sponsored” hackers stole information from about 500 million users in what appears to be the largest publicly disclosed cyber-breach in history.
The breach, which happened in 2014, has only just been made public and breached data includes names, email addresses, telephone numbers, dates of birth and encrypted passwords, but not credit card data, Yahoo said.
The significance of this breach is the sheer scale of it, which may result in many people not realising it has affected them.
Many of the users whose accounts are caught in the breach will have signed up years ago – at least before 2014. Therefore many of these people may have forgotten that they even have an account and may not be able to be contacted by Yahoo. Furthermore, the company runs a number of other services, many of which require a Yahoo account to log in too. Flickr, for instance, was bought by Yahoo in 2005. Yahoo has said that it will be contacting all of the people involved in the hack but on a scale of this size which dates back years we’re not so sure this will remedy the situation.
How Do I know I’ve been hacked?
Yahoo says it’s now notifying users who may have been affected. As we previously mentioned that due to the scale of the hack, it’s safest to assume that if you had a Yahoo account in 2014 it may have been compromised, and to take appropriate action to protect yourself.
What to do if I’ve been hacked?
Yahoo has advised account holders to change their passwords and security questions and answers if they believe they have been compromised. Furthermore, we would also urge you to change the password on other accounts that share similar log in details, as that can always be a further threat in these instances.
Security tips published by Yahoo include:
- Review accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.
Bob Lord, Yahoo’s chief information security officer, has released this statement on the attack: “An increasingly connected world has come with increasingly sophisticated threats. Industry, government and users are constantly in the crosshairs of adversaries.
“Through strategic proactive detection initiatives and active response to unauthorised access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure.”
<-- Return to Blog