In late September, news came out about Yahoo finally admitting to a hack that occurred back in 2014. This was no small hack either, 500 million users were exposed during this breach, yet we’re just finding out now.
Stolen information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers according to Bob Lord, chief information security officer at Yahoo.
Importantly, bank data was NOT stolen and affected individuals will be notified. However, to stay safe, it’s a good idea for all Yahoo users to change their passwords. Yahoo also encourages users to review their accounts for any suspicious activity as well as change passwords for any accounts that use the same or similar passwords they used in their Yahoo account.
As a precaution and general rule of thumb, you should be wary of any emails that appear to be coming from Yahoo, especially if they prompt you to click links, download anything, or give out personal information.
This giant breach is one of the largest on record, and likely was not an easy task. According to Vitali Kremez, a cybercrime analyst at security firm Flashpoint, the hackers probably attacked slowly and quietly, without anyone noticing, over a long period of time.
A 500-million-user data breach is bad news, but that isn’t even the worst of it…
Probably the most unsettling news is that we’re finally finding out now, in 2016. That means that half a billion accounts were compromised for two years. Therefore any information in an affected account could have been compromised. Some individuals use their account for business purposes, and that could put their entire business at risk. The information gained from hacking could also have been used to spam or scam individuals and trick them into giving up more information about themselves than originally taken in the hack.
The security questions are also a threat. Many security questions are standardized and people tend to use the same ones for various accounts. That means that a crafty hacker could potentially exploit your security questions for other accounts that you hold. This hack is a big deal.
As mentioned before: If you have a Yahoo account, you should change your password. If you were affected by the breach, you might even want to consider changing your security questions for other accounts, as well as any passwords that are the same as your Yahoo account. (By the way, while we don’t recommend using the same password for multiple accounts, we know people still do it—but now might be the time to change that habit of yours.)
Got questions about keeping your business protected? Give us a call. We’re here to help.