News

Yahoo Data Breach Compromises Over 500 Million Accounts

Earlier in the week, reports had begun circling about a rumoured Yahoo data breach. Now Yahoo Chief Information Security Officer Bob Lord has officially confirmed that the company had been the victim of a state-sponsored hacking operation. Most surprisingly is the breadth of the attack, with over 500 million accounts having their information stolen. This makes the incident one of the largest ever to hit a single company.

According to Lord, the “account information may have included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt), and, in some cases, encrypted or unencrypted security questions and answers“. Furthermore, the attack took place back in late 2014, meaning the hackers may have already done what they’ve wanted to do with the data.

There has been no explanation yet about how the attack took place, who did it or why it took so long for Yahoo to discover they were compromised. At this point, the investigation is still ongoing but there is no indication that attackers are still in the system. Yahoo is working with unspecified law enforcement agencies tin response to the data breach.

For now, Yahoo is notifying potentially compromised users and suggesting that they change their passwords, security questions as well using two-factor authentication. Given the time frame, most of the damage is likely already done. Even if Yahoo is not prompting you, I would suggest changing any passwords dating before 2015 as a precaution. Luckily, the majority of the passwords were hashed with bcrypt which is designed to slow down the attacker and increase the difficulty. Unfortunately, given the large size, even if a few percent of the passwords were hashed with MD5, those accounts have likely been comprised for a long time. There’s also the question of why some security questions were not encrypted, meaning they could be used to compromise other accounts.

Once it seems like that age old adage that there are only those who know they’ve been compromised and those who haven’t discovered they’ve been compromised holds true. For those users utilizing password managers, changing just the Yahoo password will suffice. But for those that reuse their passwords, now would be the time to reconsider that practice. You can find additional details and security settings to tweak on Yahoo here.

Samuel Wan

Samuel joined eTeknix in 2015 after becoming engrossed in technology and PC hardware. With his passion for gaming and hardware, tech writing was the logical step to share the latest news with the world. When he’s not busy dreaming about the latest hardware, he enjoys gaming, music, camping and reading.

Disqus Comments Loading...

Recent Posts

Nvidia’s GeForce RTX 5090 Possible Price Revealed

According to a new report, the GeForce RTX 5090 GPU will be very expensive. It…

10 hours ago

AMD Krackan Processor with 6 Zen 5 and Zen 5c Cores for Budget AI Laptops Leaked

A new AMD processor in the form of an engineering model has been leaked in…

10 hours ago

SK Hynix Begins Production of First 321-Layer NAND Chips

SK Hynix has claimed to be the first company to mass-produce 321-layer NAND memory chips.…

10 hours ago

Trust Gaming GXT 609 Zoxa 2.0 PC Speakers

SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…

15 hours ago

PowerA Wired Controller for Nintendo Switch

Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…

15 hours ago

Logitech G Saitek PRO Flight Rudder Pedals

Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…

15 hours ago