Yahoo has confirmed that a data breach from 2014 may have affected millions of users. Yahoo believes that the hacking was state-sponsored.
The data breach at the Yahoo network is described as one of the biggest cybersecurity breaches that include sensitive personal information of users.
When Did The Breach Occur?
Yahoo confirmed in a statement that the data breach occurred in late 2014.
Who Are Behind The Hacking?
In a statement, Yahoo described the hackers as a "state-sponsored actor," which means that a country may have used its intelligence service to compromise Yahoo's servers. Some reports point fingers at North Korea, China and Russia; however, Yahoo has not named any specific country behind the attack.
How Many People Are Affected By The Breach And What Information Was Stolen?
The company revealed that personal data of about 500 million users were compromised as part of the breach that occurred in 2014.
"The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers," says Yahoo.
The company revealed that stolen information did not include unprotected passwords, payment card data or bank account information of users.
What Are The Potential Risks To Affected Users?
Security experts suggest that as some passwords were also stolen, hackers could make an attempt to log in to a user's account directly.
Experts believe that even though stolen passwords are encrypted, hackers can potentially decrypt them.
It is worth noting that many users have common passwords for more than one account, which means hackers can relate a Yahoo account password and attempt to access services provided by other companies.
What Should Yahoo Account Holders Do?
It is good practice to change passwords on a regular basis. Now would be a good time to change a Yahoo account password, especially for those account holders who have kept the same password since 2014.
Users should also keep track of their other accounts that have the same password as their Yahoo account.
Why Did Yahoo Take So Long To Find The Data Breach?
Yahoo confirmed that the incident occurred in late 2014 but the company did not make it clear when its engineers found the data breach. In a statement, Yahoo says that a "recent investigation" confirmed the breach, which means that the company may not have known about the breach at all until recently.
What Does It Mean For Yahoo?
The data breach is not good news for the company when Verizon is in talks to acquire Yahoo.
It is also likely that lawyers will start a class-action lawsuit against Yahoo and that regulators will begin their investigations into the hacking incident. The company may have to pay possible fines and penalties because of the breach.
Photo: Christian Barmala | Flickr