On Thursday night, Yahoo sent out a “NOTICE OF DATA BREACH” to its users, saying it believes a 2014 hack, which compromised at least 500 million users, was carried out by state-sponsored actors. The company does not believe the attacker is still in its systems.
An internal investigation confirmed a copy of “certain user account information” was stolen from the California tech giant’s systems in late 2014 by what Yahoo believes is a state-sponsored actor. The company is working with law enforcement and “working diligently to protect” its users.
What Happened in the Yahoo Breach?
According to the release, the stolen user account information may have included “names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.”
The investigation, Yahoo says, indicates that the stolen information did not include unprotected passwords, payment card data, or bank account information. That information was on other servers. Yahoo urges users to change their passwords and adopt a new means of account verification. Yahoo invalidated unencrypted security questions and answers so they cannot be used to access accounts.
The company recommends users who haven’t changed passwords since 2014 do so now.
“Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information,” Yahoo warns. “Avoid clicking on links or downloading attachments from suspicious emails.”
The company further asks: “Additionally, please consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether.”
Encryption has become a central topic of discussion in the technology sector. As the world has grown more interconnected, and more antagonistic, worries about data being used as weapons against individuals and organizations have grown. Examples of this can be seen in the many highly publicized hacks in recent years. Further, novel inventions such as Bitcoin, which uses encryption technology to secure a payment network and token system, have bolstered discussion of encryption methods.