Yahoo on Thursday said that state-sponsored hackers stole data from at least 500 million accounts in late 2014. The hack is possibly the biggest data breach ever reported at an email provider. According to Yahoo, hackers may have stolen “names, email addresses, telephone numbers, dates of birth, encrypted passwords and, in some cases, encrypted or unencrypted security questions and answers”.
The news of this data breach couldn’t come at a worse time for Yahoo and it poses more severe problems for CEO Marissa Mayer who is closing on a deal with Verizon to sell Yahoo for $4.8 billion. Yahoo for last eight years has faced a journey downhill, it has been firing employees and selling its services to cut costs and put a stop to the falling revenue.
Yahoo’s investigation on this matter has found that hackers did not steal unprotected passwords, payment card data, or bank account information of users. It also said that the investigators haven’t found any evidence that the hacker is currently in Yahoo’s network. In its official statement, the company didn’t specify how it reached the conclusion that state-sponsored hackers are behind the breach.
Yahoo’s chief information security officer, Bob Lord, said that the company is working with law enforcement regarding the massive hack. It has also started notifying users about the breach.
In the security notice, Yahoo has asked potential affected users to change their passwords earliest. The company has also “invalidated unencrypted security questions and answers so they cannot be used to access an account”.
Also read: Hackers running riot, here’s how you can be safe
Yahoo has also recommended all the users who haven’t change their passwords since 2014 to do so.
Yahoo started investigating a possible breach back in August this year when tech site Motherboardreported that a hacker named “Peace” was trying to sell user data belonging to 200 million users.According to Recode, Yahoo had said that it was “aware of the claims” but it did not notify its users to change passwords or take measures.
In the last few years cyber attacks have increased continuously. Earlier this year, LinkedIn had also confirmed that a data breach from 2012 stole information from about 117 million users. In a similar incident, Hold Security firm had found a cache of hundreds of millions of hacked accounts in hacker forums. The hacker responsible for this was selling the whole trove for less than $1.
In a recent blog post, security expert Bruce Schneier said that DDoS (distributed denial-of-service) attacks have increased and a big country like China, Russia or US could be behind it. Hackers use DDoS attacks to overwhelm a website or a server to such an extent that the affected company has to go all out and reveal all its defenses. These attacks are directed at companies that provide infrastructure to make internet work. If accurate, it seems that whoever is behind these attacks is looking to find vulnerabilities in the internet as the world knows it, possibly so that it can be brought down like a house of cards if needed.