Yahoo! Confirms Massive Breach
Yahoo confirmed today that late in 2014, according to an investigation recently conducted by the Yahoo security team, the company’s network was breached by what they believe to be a state-sponsored hacker. The hacker was able to breach the Yahoo network server stealing approximately 500 million customer user accounts that included information such as: user names, email addresses, date of birth, phone numbers, hashed passwords, and encrypted and/or unencrypted security questions and answers.
Yahoo and its customers became suspicious that Yahoo was hacked in August 2016 after a hacker named “Peace” began shopping 200 million user accounts online. After the full investigation was complete, it was very apparent that the breach, which is being called one of the biggest in history, was far more detrimental than anticipated.
Yahoo states that they are “working closely” with law enforcement in the continuing investigation into the breach and notifying Yahoo customers by way of emails to those who could have potentially been affected. According to Yahoo their investigation has determined that no bank account information or credit/debit card information was stolen during the cyber breach nor were unprotected passwords.
In their statement Yahoo asks the potentially affected customers to changer their password and security verification method to avoid any further loss of information to the hacker(s), while also trying to reassure the possible victims of the hack that in their ongoing investigation they have found no indication that the state-sponsored hacker has any current presence in Yahoo’s network system.
Yahoo has set up an Account Security Issue FAQs (frequently asked questions) page on the Yahoo site, which is where Yahoo users can go to in order to get answers to any concerns they may have regarding the breach. As well as to find out what steps Yahoo has taken to protect it’s customers account information going forward.
For your convenience we will quote their protective actions directly from the Yahoo FAQs page:
We have taken action to protect our users, including:
We are notifying affected users.
We are asking affected users to promptly change their passwords and adopt alternate means of account verification.
We invalidated unencrypted security questions and answers so that they cannot be used to access an account.
We are recommending that all users who haven’t changed their passwords since 2014 do so.
We continue to enhance our systems that detect and prevent unauthorized access to user accountsOur investigation into this matter continues.
What Steps You Can Take To Prevent Any Further Loss Of Personal Information:
Taking the following precautions is highly recommended:
- If you have used the same password and or security verification questions and/or answers as your Yahoo account for other sites you should change all the others as well as your Yahoo account. Create strong individual passwords for all sites you join.
- Even though the Yahoo security team has stated that no credit card or banking information was taken in the breach you should still closely examine all your accounts and immediately report any suspicious activity.
- When a cyber breach like the one at Yahoo occurs cyber thieves often utilize the stolen information to conduct phishing scams; this is when the cyber criminals may send phony emails that appear to be from known companies or contacts of yours. Be alert for any suspicious emails containing links or asking for sensitive personal information.
- Consider using alternative account authentication tools such as Yahoo’s Account Key which allows you to verify your identity without the use of a password at all.
- Monitor your credit report vigilantly. You are entitled to two free credit reports each calendar year.