Yahoo Data Breach Compromises Over 500 Million Accounts

/ 7 years ago

yahoo emails

Earlier in the week, reports had begun circling about a rumoured Yahoo data breach. Now Yahoo Chief Information Security Officer Bob Lord has officially confirmed that the company had been the victim of a state-sponsored hacking operation. Most surprisingly is the breadth of the attack, with over 500 million accounts having their information stolen. This makes the incident one of the largest ever to hit a single company.

According to Lord, the “account information may have included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt), and, in some cases, encrypted or unencrypted security questions and answers“. Furthermore, the attack took place back in late 2014, meaning the hackers may have already done what they’ve wanted to do with the data.

There has been no explanation yet about how the attack took place, who did it or why it took so long for Yahoo to discover they were compromised. At this point, the investigation is still ongoing but there is no indication that attackers are still in the system. Yahoo is working with unspecified law enforcement agencies tin response to the data breach.

For now, Yahoo is notifying potentially compromised users and suggesting that they change their passwords, security questions as well using two-factor authentication. Given the time frame, most of the damage is likely already done. Even if Yahoo is not prompting you, I would suggest changing any passwords dating before 2015 as a precaution. Luckily, the majority of the passwords were hashed with bcrypt which is designed to slow down the attacker and increase the difficulty. Unfortunately, given the large size, even if a few percent of the passwords were hashed with MD5, those accounts have likely been comprised for a long time. There’s also the question of why some security questions were not encrypted, meaning they could be used to compromise other accounts.

Once it seems like that age old adage that there are only those who know they’ve been compromised and those who haven’t discovered they’ve been compromised holds true. For those users utilizing password managers, changing just the Yahoo password will suffice. But for those that reuse their passwords, now would be the time to reconsider that practice. You can find additional details and security settings to tweak on Yahoo here.

Topics: , , , ,


By supporting eTeknix, you help us grow and continue to bring you the latest newsreviews, and competitions. Follow us on FacebookTwitter and Instagram to keep up with the latest technology news, reviews and more. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

Looking for more exciting features on the latest technology? Check out our What We Know So Far section or our Fun Reads for some interesting original features.

eTeknix Facebook eTeknix Twitter eTeknix Instagram eTeknix Instagram
  • Be Social With eTeknix

    Facebook Twitter YouTube Instagram Reddit RSS Discord Patreon TikTok Twitch
  • Features

Send this to a friend