Yahoo data breach – change your password now!
Yahoo has confirmed that a copy of certain user account information was stolen from their systems in late 2014, by what they believe is a state-sponsored actor. A state-sponsored actor is the term used to describe someone who is acting on behalf of a governmental body. The data breach is said to have affected 500 million users.
Yahoo isn’t saying why it arrived at the above conclusion, but says it’s working closely with law enforcement on this matter, and is working diligently to protect customers.
The stolen user account information may have included: names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.
The ongoing investigation suggests that the stolen information did not include unprotected passwords, payment card data or bank account information. Payment card data and bank account information are not stored on the system that the investigation has found to be affected.
Yahoo say the hack actually occurred in late 2014, but that they only recently learned of the data breach. If true, that means the perpetrators had two years to secretly exploit users’ data.
Yahoo is emailing accounts it believes may have been affected, to advise that all users who have not changed their passwords since 2014 do so now; also adopt alternate means of account verification.
For more information about this issue and Yahoo”s security resources, please visit the Yahoo Security Issue FAQs page available here.