Earlier in the week, reports had begun circling about a rumoured Yahoo data breach. Now Yahoo Chief Information Security Officer Bob Lord has officially confirmed that the company had been the victim of a state-sponsored hacking operation. Most surprisingly is the breadth of the attack, with over 500 million accounts having their information stolen. This makes the incident one of the largest ever to hit a single company.
According to Lord, the “account information may have included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt), and, in some cases, encrypted or unencrypted security questions and answers“. Furthermore, the attack took place back in late 2014, meaning the hackers may have already done what they’ve wanted to do with the data.
There has been no explanation yet about how the attack took place, who did it or why it took so long for Yahoo to discover they were compromised. At this point, the investigation is still ongoing but there is no indication that attackers are still in the system. Yahoo is working with unspecified law enforcement agencies tin response to the data breach.
For now, Yahoo is notifying potentially compromised users and suggesting that they change their passwords, security questions as well using two-factor authentication. Given the time frame, most of the damage is likely already done. Even if Yahoo is not prompting you, I would suggest changing any passwords dating before 2015 as a precaution. Luckily, the majority of the passwords were hashed with bcrypt which is designed to slow down the attacker and increase the difficulty. Unfortunately, given the large size, even if a few percent of the passwords were hashed with MD5, those accounts have likely been comprised for a long time. There’s also the question of why some security questions were not encrypted, meaning they could be used to compromise other accounts.
Once it seems like that age old adage that there are only those who know they’ve been compromised and those who haven’t discovered they’ve been compromised holds true. For those users utilizing password managers, changing just the Yahoo password will suffice. But for those that reuse their passwords, now would be the time to reconsider that practice. You can find additional details and security settings to tweak on Yahoo here.
According to a new report, the GeForce RTX 5090 GPU will be very expensive. It…
A new AMD processor in the form of an engineering model has been leaked in…
SK Hynix has claimed to be the first company to mass-produce 321-layer NAND memory chips.…
SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…
Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…
Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…