On Thursday, Yahoo revealed a massive security breach which it said affects at least 500 million users accounts, amid the ongoing sale of its core business.
The hack involves more victims than any other cyber hacking incident in history. The company says that a copy of some user account information was stolen from the company’s network in late 2014 by what it claims is a state-sponsored actor. The stolen information includes names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted security questions and answers.
Here are 5 important facts and how you can protect yourself:
1. The internet giant is notifying all users who are potentially affected. It claims to have secured their accounts by invalidating unencrypted security questions and answers in order to assure that they cannot be used to access an account.
2. The company is working with law enforcement. Its investigation so far has confirmed that unprotected passwords, payment card data, and bank account information were not part of the information which was stolen. Additionally, there is no evidence that the hacker is currently in Yahoo’s network.
3. According to CNBC, “Recode had originally reported that Yahoo was poised to announce a data breach, but that report estimated that hackers had access to just 200 million user accounts.” That is less than half of what the company ultimately disclosed.
4. Yahoo revealed the details of a hack in a statement:
— Alex Fitzpatrick (@AlexJamesFitz) September 22, 2016
5. News of the breach was first revealed in August of this year. A well known hacker by the name of Peace_of_Mind or Peace claimed that he had available for sale 200 million Yahoo user names and passwords for $1,900 total. According to the Wall Street Journal, Peace had previously sold data from breaches at Myspace and LinkedIn.
Here is what you can do to protect yourself:
- If you have a Yahoo account, including Yahoo Mail or Flickr, you should change your password. For tips on how to pick a password, you can consult security guru Bruce Schneier.
- Yahoo’s security questions — like your mom’s maiden name, etc. — have likely also been hacked. Yahoo recommends that you disable your security questions.