On Thursday, September 22, 2016, Yahoo publicized a 2014 data breach “associated with at least 500 million user accounts.” This may be the largest data breach ever, in terms of those affected. Experts believe it could have a ripple effect online for years to come.
What type of information may have been compromised?
- Email addresses;
- Dates of birth; and
- Encrypted or unencrypted security questions and answers (in some cases).
Who is responsible for the breach?
- Yahoo believes that a “state-sponsored actor” is to blame; someone acting on behalf of a government.
- The FBI is investigating the breach, and one of the major “cyber-threats” to the U.S., i.e. China or Russia, are suspects.
How long has Yahoo known about this?
- There were reports of a breach in August 2016, when a hacker was purportedly selling data from 200 million Yahoo users on the dark web. The hacker is named “Peace,” and has previously been linked to the sale of stolen accounts from social media sites MySpace and LinkedIn.
What should one do if he or she has a Yahoo Account?
- Yahoo has published an “Account Security Issue FAQs” page to help inform and guide users through this security breach.
- Other steps that users can take immediately:
- “Change passwords and security questions”; and
- “Review non-Yahoo accounts” for suspicious activity.
- Other steps that can be taken to secure online accounts, in general:
- “Change passwords often”;
- “Never use the same password twice”;
- “Pick better passwords”;
- “Use a password manager”;
- “Update security questions”;
- “Be alert”;
- “Turn on two-factor authentication”.
As potentially the largest data breach in history, there will be much more to report on this topic in the coming weeks, months, and years. This will not only affect Yahoo’s users, but the company itself, as it is in the middle of a billion dollar acquisition deal with Verizon. In July 2016, Verizon announced that it would purchase Yahoo’s core properties for $4.38 billion. This deal was originally slated to close in the first quarter of 2017.