Yahoo Confirms a Massive Data Breach Impacting About 500 Million Users


Yahoo, which is well known as a guide to digital information discovery and for its email, connectivity, information, search and digital entertainment content products, has confirmed a data breach that has impacted around 500 million users. Yahoo has said that a confidential copy of some user account information was stolen from its network. The breach occurred in late 2014 and is believed to be the work of a state-sponsored actor.

According to the latest Business Insider report, this could be one of the largest data breaches of all time. The company adds that the stolen account information includes sensitive data known as Personally Identifiable Information (PII): user names, telephone numbers, email addresses, birth dates and hashed passwords. In some cases, important encrypted and unencrypted security questions and answers were also stolen.

The details of the breach were confirmed through an intense investigation conducted by Yahoo! Inc. itself. According to the ongoing investigation, the information stolen by the hackers did not include any unprotected passwords, bank account information or credit card data. Credit card data and account details are not stored in the same systems that were affected by this breach. While Yahoo’s communication about the incident highlights the company’s belief that the breach was conducted by a state-sponsored actor, the company claims that there is no further evidence that the perpetrator is still within Yahoo’s network. Yahoo is currently working with the FBI on further investigation.

Yahoo has already notified the users whose accounts were potentially affected and is asking them to change their passwords immediately. Additionally, Yahoo has invalidated all unencrypted security questions and answers that were stolen to prevent them from being used to further compromise user accounts.

Online protection guide from Yahoo:

Yahoo strongly encourages its users to help protect themselves online by following this guide:

  • Review your online account frequently for any kind of suspicious activity.
  • Change your password periodically to keep your account more secure.
  • Do not reuse for your Yahoo account a security question and answer that you already use for your other online accounts.
  • Update your security questions and answers periodically, every 2–3 months.
  • Avoid clicking on suspicious links that may take you to malicious websites.
  • Avoid downloading any kind of suspicious attachments in emails you receive.
  • Avoid giving out any kind of personal information unless you’re sure about the authenticity of the person or company asking for it.

For additional ways to make sure you are browsing safely online, read our blog.

Although Yahoo and other companies have an interest in protecting their systems, it is important for users to educate themselves on how to protect their information online as suggested by Yahoo.

The investigation into this data breach at Yahoo with the FBI is still ongoing, and we can only hope that Yahoo will increase investment in its security program as a result. Other companies should take note: no one is immune from these kinds of attacks, and it is better to take a proactive approach to application security to avoid the high cost and exposure that result from a large security breach.


