500 million Yahoo accounts hacked in state-sponsored attack

Yahoo has been hit by what could be one of the biggest data attacks in history, affecting over 500 million users. The worrying news comes about a month after a hacker named Peace claimed he was selling over 200 million such credentials sourced from a 2012 breach.

Yahoo announced its grim state of affairs in a blog post. It confirmed that a copy of certain user information was stolen all the way back in late 2014. The fact that the theft is only being reported now is very troubling and does not bode well for the beleaguered company’s image. The hack couldn’t have come at a worse time for the firm as it’s in the process of closing out a $4.8 billion deal with Verizon.

Yahoo is now working with law enforcement on the case and believes the culprit to be a state-sponsored actor. The brand chose not to specify which country it thinks initiated the attack, though it did clarify that it doesn’t believe the hacker is in its network anymore.

The attacker made away with information associated with at least 500 million consumer accounts, including names, numbers, dates of birth, email IDs, encrypted or unencrypted security questions and answers, and hashed passwords. The silver lining in all this is that Yahoo’s investigation indicates that the robbery did not include bank account information, unprotected passwords, or payment card data.

It goes without saying that the best thing for any Yahoo user to do right now is change their password, especially if they haven’t done so since 2014. The firm for its part is sending out emails to potentially affected users. Moreover, it’s also invalidating unencrypted security questions and answers so it’s impossible to use them as the keys to an account.

Yahoo is also encouraging people to change their log-in credentials for any other site if the sign-in data is the same or similar to their Yahoo account. This is vital given the recent spate of hacks which came about as a result of people like Mark Zuckerberg, Jack Dorsey and Sundar Pichai using the same password for different platforms.