yahoo Yahoo: Information On At Least 500 Million Accounts Stolen

[vissha]

Yahoo: Information On At Least 500 Million Accounts Stolen

 

Yahoo released an important message about Yahoo User Security on the official company blog a moment ago confirming that information on at least 500 million Yahoo accounts was stolen in late 2014.

 

The company believes that a state-sponsored actor is behind the attack. According to the blog post, names, email addresses, telephone numbers, birth dates, hashed passwords, and in some cases encrypted or unencrypted security questions and answers were stolen.

 

Yahoo states that there is no evidence currently that unprotected passwords, payment card data, bank account information or other financial information were among the stolen data.

 

Quote

Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.

 

Yahoo plans to inform affected users starting doing. The message that the company plans to send out may differ from region to region. You can check the U.S. message here (PDF document).

 

 

The email includes information on what happened, what information was involved, what Yahoo is doing, and what individual users can do about it.

 

Yahoo will ask users that are affected to change their passwords and add alternate means of account verification to the account. The company has invalidated any unencrypted security questions and answers, and recommends that users who have not changed their Yahoo passwords since 2014 to do so immediately.

 

To change the Yahoo password, do the following:

1. Load the Yahoo Account page.
2. Click Account Security, and then on change password.
3. Enter and confirm your new password.
4. Click on continue, and then on continue again to complete the process.

Yahoo asks users furthermore to change account passwords and security questions/answers for any other account that has been associated with the Yahoo account, or where the same email address and password were used.

 

Yahoo users should expect to get spam communications and emails that may be personalized.

 

 

One option to strengthen the security of the Yahoo account is to use Yahoo Account Key. This is an authentication tool that is integrated into the Yahoo application for Android and iOS, and available for set up from a web browser as well.

 

Additional information about Yahoo Account Access are available here.

 

Closing Words

 

It is rather frightening that information about year-old hacks that dumped millions of user account information come to light years later only, if at all.

 

It is clear that anyone with access to the data had years to exploit the information and decrypt passwords. While it makes sense for Yahoo to inform users now that they need to change passwords on Yahoo and on third-party sites if username and password was shared, it may very well be too late for a lot of accounts.

 

Now You: Are you affected by the security breach?

 

Source

[straycat19]

Talking about a security breach 2 YEARS after the fact is really useless.  Any value to the hackers was used in the first 90 days after the hack since any use of the information would have been detected after that use by the user and some action taken.  And according to the data they didn't get listed above, they really didn't get much at all, which is why it may have taken so long to identify the breach.

[steven36]

I dont use Yahoo mail for many years but I know someone who does when  they went to check there mail a message pop up and told them not to click any emails saying there from  Yahoo . Yahoo dont send emails they warn you about things through the system . As far as things being  patched with in 90 days that is not always so  Microsoft patched a hole in there browser that was in it.. they known for two years ..Chrome has a hole in its browser that needs patched that has been made public that the 90 days is up..

[Holmes]

I have a yahoo account and hardly ever use it.

[pc71520]

I own a Yahoo! e-mail account but rarely use it.