The trend of high-profile data breaches continues, with the Yahoo hack being the latest and the biggest breach to date. If you have a Yahoo account and haven’t changed your password since 2014, you might be in big trouble. The Yahoo hack is real.
So what happened?
Yahoo says that hackers breached its network in late 2014 and that personal data for 500 million customers was stolen. Adding fuel to the fire, the hack wasn’t carried out by a lone wolf in a basement; it’s a “state-sponsored” hack, meaning that it was carried out under some government directive. No government has been named yet.
What was stolen?
In a nutshell, the Yahoo hack includes personal data for 500 million users (as of this writing). This includes names, emails, dates of birth, any phone numbers, and hashed passwords. Because the passwords are hashed (stored in scrambled form rather than as plain text), the hackers cannot read your password directly, but hashes can be cracked with software. In the grand scheme of things, attackers will most likely try to crack the accounts of high-profile people, but the breach is still of grave concern to everyone, given that other services could use your name, phone number, and birth date to access or recover information. No bank account information has been compromised.
“The FBI is aware of the intrusion and investigating the matter. We take these types of breaches very seriously and will determine how this occurred and who is responsible.”
– FBI
What can you do?
Quite simply, you’ll have to change your password. Other steps you can take:
- Use a password you don’t use on other platforms
- Set up two-factor authentication on Yahoo and all other services you use, where applicable. This means that even if your password has been compromised, the hackers would still need your phone to complete the login process.
- If you have sensitive emails stored, it’s probably best to download them and/or forward them to another email account you use, and then delete them.
What are the repercussions?
Yahoo’s brand image, which is already suffering, will be damaged for a while to come. This is particularly problematic because the company is in acquisition talks with Verizon valued at $4.8 billion, and the breach had not been communicated to Verizon before. Verizon has acknowledged that Yahoo is taking steps to investigate the breach but otherwise has little information.
That the breach is state-sponsored is also alarming. Usually, high-profile people and people of interest are targeted, and the millions of other users are either collateral damage or accounts that could be circulated on the dark web. If people use the same passwords across other services, then those accounts could also be considered compromised.
You can read Yahoo’s press release here.
