Earlier in the day, Recode reported that Yahoo would make a big announcement on one of the biggest breaches ever. Yahoo revealed that at least 500 million user account credentials may have been stolen by hackers it believes are state sponsored.
Credentials like telephone numbers, email addresses, passwords, birthdays and names may now be in the hands of these “state sponsored” hackers. According to the company, this data may have been stolen in 2014, and the big question here is why they are revealing this after Verizon made a $4.8b offer this past July to buy Yahoo.
Well, Verizon has something to say about that. Earlier, in a tweet, Verizon said they were notified of the incident two days ago. Now they are investigating to see if the fallout from this may affect Verizon's core interests.
Did somebody hide something?
Well, we don’t know this for sure, but it’s possible. If it turns out to be so, expect that this deal may be called off and that law enforcement investigations will follow.
What you should do
The simplest thing to do is to change your password and update your security questions and other relevant information on Yahoo. Also make sure you have a secure alternate email set up in case your account has been hijacked.
History of major breaches
We start with probably the biggest of them: MySpace. We reported that MySpace accounts created prior to June 11, 2013 may have been compromised. The database contained about 360 million accounts with 427 million passwords, and now they are asking people to change their passwords as well.
LinkedIn is next in line because of the scale and the amount of time it took them to realise this. Over 100 million accounts were compromised, and now they have asked users to change their passwords, which is usually the first line of action when it comes to informing users.
Facebook CEO Mark Zuckerberg’s personal social media accounts on Twitter and Pinterest were compromised last week, which has prompted Twitter to suspend the account.
About 30 million Twitter records were reported stolen in June from third-party sources. This means the compromise didn’t originate from Twitter servers.
These are just some of the biggest names, even as the website that has been publishing these accounts on the dark web now says it has over 1.8 billion records, including those from prominent Russian sites.
Here’s more on the story from Yahoo, which it posted on its investor relations site:
Yahoo is notifying potentially affected users and has taken steps to secure their accounts. These steps include invalidating unencrypted security questions and answers so that they cannot be used to access an account and asking potentially affected users to change their passwords. Yahoo is also recommending that users who haven’t changed their passwords since 2014 do so.
Yahoo encourages users to review their online accounts for suspicious activity and to change their password and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account. The company further recommends that users avoid clicking on links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information. Additionally, Yahoo asks users to consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether.
Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry.