Yahoo confirmed on 23rd September, Thursday that a hack attack that took place in late 2014 stole information from more than 500 million of its user accounts. This makes it one of the biggest hacks ever in terms of scale and users.
For comparison with other large-scale hack attacks, LinkedIn had 117 million accounts stolen in 2012, while earlier this year 360 million MySpace accounts were also compromised.
Below is the exact statement given by Yahoo on their website:
We have confirmed, based on a recent investigation, that a copy of certain user account information was stolen from our network in late 2014 by what we believe is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.
The information stolen includes users’ names, email addresses, telephone numbers, dates of birth and, in some cases, even encrypted or unencrypted security questions and answers.
Per Thorsheim, a Norway-based cyber security advisor, says that this hack “will cause ripples online for years to come.”
He also added that even though bank accounts and social security numbers were not compromised, people should be wary of this hack attack’s effect on other social accounts. And because the breach happened two years ago, a lot of accounts that still use the same passwords as at that time are still highly vulnerable.
What to do if your account has been hacked?
The first order of the day is to read this statement from Yahoo:
Please note that the email from Yahoo about this issue does not ask you to click on any links or contain attachments and does not request your personal information. If an email you receive about this issue prompts you to click on a link, download an attachment, or asks you for information, the email was not sent by Yahoo and may be an attempt to steal your personal information. Avoid clicking on links or downloading attachments from such suspicious emails.
There are a number of steps you can take to protect yourself from hackers, the foremost being changing your email passwords and using a different, complex password for every account.
If your account is one of those suspected to be compromised, you will be prompted to enter a new password as soon as you log on.
You should also look through your outbox, calendar, etc. for any suspicious activity.
Other than that, it might be a good idea to employ two-step verification now that these sorts of attacks are becoming commonplace. Besides mobile verification, you can also use Yahoo Account Key. It eliminates the need to memorise a Yahoo password: using a Yahoo Android or iOS app, you can easily log in to your account and select Account Key. Each time you access your account, Yahoo will send a confirmation to your phone app for double confirmation.
Although it sounds like a bit of a headache, never before has this idiom been more apt: “Better safe than sorry”.
Have you been affected by the Yahoo hack attack? How did you respond? Comment below!