News

Yahoo Data Breach Compromises Over 500 Million Accounts

Earlier in the week, reports had begun circling about a rumoured Yahoo data breach. Now Yahoo Chief Information Security Officer Bob Lord has officially confirmed that the company had been the victim of a state-sponsored hacking operation. Most surprisingly is the breadth of the attack, with over 500 million accounts having their information stolen. This makes the incident one of the largest ever to hit a single company.

According to Lord, the “account information may have included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt), and, in some cases, encrypted or unencrypted security questions and answers“. Furthermore, the attack took place back in late 2014, meaning the hackers may have already done what they’ve wanted to do with the data.

There has been no explanation yet about how the attack took place, who did it or why it took so long for Yahoo to discover they were compromised. At this point, the investigation is still ongoing but there is no indication that attackers are still in the system. Yahoo is working with unspecified law enforcement agencies tin response to the data breach.

For now, Yahoo is notifying potentially compromised users and suggesting that they change their passwords, security questions as well using two-factor authentication. Given the time frame, most of the damage is likely already done. Even if Yahoo is not prompting you, I would suggest changing any passwords dating before 2015 as a precaution. Luckily, the majority of the passwords were hashed with bcrypt which is designed to slow down the attacker and increase the difficulty. Unfortunately, given the large size, even if a few percent of the passwords were hashed with MD5, those accounts have likely been comprised for a long time. There’s also the question of why some security questions were not encrypted, meaning they could be used to compromise other accounts.

Once it seems like that age old adage that there are only those who know they’ve been compromised and those who haven’t discovered they’ve been compromised holds true. For those users utilizing password managers, changing just the Yahoo password will suffice. But for those that reuse their passwords, now would be the time to reconsider that practice. You can find additional details and security settings to tweak on Yahoo here.

Samuel Wan

Samuel joined eTeknix in 2015 after becoming engrossed in technology and PC hardware. With his passion for gaming and hardware, tech writing was the logical step to share the latest news with the world. When he’s not busy dreaming about the latest hardware, he enjoys gaming, music, camping and reading.

Disqus Comments Loading...

Recent Posts

Twitch Now Banning All Content Focusing On Intimate Body Parts

As by now, I'm sure you are aware Twitch has decided to go ahead and…

17 hours ago

Seconds Patch of “Operation Medic Bag” For Payday 3 Released

I doubt many of you have been keeping up with Payday 3 which is understandable…

18 hours ago

MSI Announces SPATIUM M580 FROZR With A Huge Cooler

Today MSI has announced a new Gen 5 SSD, the SPATIUM M580 FROZR which comes…

18 hours ago

LENRUE PC Speakers, USB/USB-C Powered Computer Speakers with Loud Stereo Sound

Stereo and Noiseless - Without any noise! After multiple debugging, suppress static. Become clearer and…

19 hours ago

HP M27f Ultraslim Monitor 27 Inch

PICTURE-PERFECT IMMERSION – Work or play on a monitor that redefines high definition with its…

19 hours ago

Govee LED Light Bars, Smart WiFi RGBIC TV Backlight

Syncs With Your Music: With an internal high-sensitivity mic, Govee Flow Plus LED light bars…

19 hours ago