If you are using Yahoo, you might want to change your password immediately. Or maybe you're like me and you quit Yahoo a long time ago.
The company has confirmed that user account information was stolen from its network in late 2014, and estimates that at least 500 million accounts are affected. Account information stolen includes names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers. Yahoo believes that the hacker was a "state-sponsored actor," but did not name the country it believes was responsible. Yahoo says it has started notifying users it believes were affected by the attack.
The investigation of the breach is still under way, but the company believes that the stolen information does not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.
“Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry. Yahoo and other companies have launched programs to detect and notify users when a company strongly suspects that a state-sponsored actor has targeted an account,” Yahoo said in a statement.
The company believes that the actor behind the hack is out of Yahoo’s network, but it is still working closely with authorities regarding the matter.
Yahoo is also taking steps to secure user accounts: it is invalidating unencrypted security questions and answers so that they cannot be used to access an account, and it is asking potentially affected users to change their passwords.
If you’re a Yahoo user and have not changed your password since 2014, Yahoo recommends changing it immediately and updating your security questions. The company also recommends that users review their accounts for any suspicious activity, and reminds them to avoid clicking on suspicious links or downloading files from suspicious emails.
If you’re one to easily forget passwords, the company recommends using its authentication tool, Yahoo Account Key.
The question is whether, and if so why, Yahoo waited as long as it did to disclose this information. The breach was suspected as far back as 2014, leading some to believe that the company may have sought to minimize bad news during a tumultuous time in its history, which includes a recent agreement to sell its core business to Verizon for $4.8 billion. There is no word yet on whether or how the massive breach will affect the pending deal. That Yahoo now appears to admit that "state" hackers are behind the breach is also unsettling to those who use numerous Yahoo services.
Photo credit: Pexels