Yahoo Confirms 500 Million Accounts Have Been Stolen
September 22, 2016 Leave a comment
Search engine company Yahoo has confirmed that there has been a data breach in which information from 500 million accounts has been stolen. Yahoo believes it was a “state-sponsored actor” who was behind the breach. A “state-sponsored actor” is someone who is working on behalf of a governmental agency.
Yahoo’s Chief Information Security Officer (CISO) Bob Lord released the following statement:
“We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what we believe is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.”
Lord’s press release also stated that the company is working closely alongside law enforcement to find the perpetrators. In the mean time, the company is notifying users who may have been affected. Lord assured users that Yahoo is doing everything they can to protect against future threats.
“An increasingly connected world has come with increasingly sophisticated threats. Industry, government and users are constantly in the crosshairs of adversaries. Through strategic proactive detection initiatives and active response to unauthorized access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure.”
For security purposes, Yahoo is advising affected users to change their passwords immediately. The company also recommends adopting another form of account verification, such as Yahoo Account Key. Yahoo Account Key links to the user’s cell phone. Whenever a login attempt is made, access can either be granted or denied with the click of a button.
As an added layer of precaution, the company has invalidated unencrypted security questions and answers, making them ineffective for account logins. Users should be wary of any messages coming from unfamiliar sources. Above all, users should never click on any suspicious links or attachments.