On Thursday, Yahoo released a statement confirming a massive data breach of its service, which has left information associated with “at least” 500 million user accounts exposed.
Yahoo confirmed "a copy of certain user account information was stolen from the company's network in late 2014 by what it believes is a state-sponsored actor." Elsewhere, in a FAQ about account security posted in response to the hack, company representatives claim their ongoing investigation “has found no evidence that the state-sponsored actor is currently in Yahoo’s network.”
Business Insider points out the Yahoo leak could be the biggest security breach of all time, even larger than the MySpace breach of 427 million user accounts earlier this year.
Was my Yahoo account affected by the hack?
Yahoo has notified users with accounts likely affected by the data breach via email. In order to avoid phishing, Yahoo has posted an exact copy of the message sent to users regarding account security concerns.
Yahoo also encouraged all users to review all their online accounts for suspicious activity, and Yahoo “to change their password and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account.” The company also reminded users to “avoid clicking on links or downloading attachments from suspicious emails” and to “be cautious of unsolicited communications that ask for personal information.”
What kind of information was exposed in the Yahoo hack?
According to Yahoo’s Susanne Philion, “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.”
Is my credit card information safe after Yahoo’s security breach?
Other kinds of data were not affected by the hack, due to the way Yahoo stores this information. Types of unaffected data include “unprotected passwords, payment card data, [and] bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected,” according to Yahoo’s statement.
How will Yahoo’s reputation be affected by this?
In a press release emailed to iDigitalTimes, Ebba Blitz, CEO of encryption provider Alertsec, warned that it would be difficult for Yahoo to recover from such a large data loss:"Customers who are affected by data breaches suffer a significant loss of trust, and this is particularly true of men. According to our study, nearly one in three Americans said it would take them several months to begin trusting a company like Yahoo again following a data breach. 22 percent said it would only take them a month to forgive, but 17 percent of men and 11 percent of women said their trust would be permanently lost. Men are also more likely to switch to a competitor following a data breach than are women." Blitz added, “People’s personal information is, in many ways, the key to their financial and psychological well-being. When a company has allowed their customers’ data to fall into the hands of criminals, the resulting lack of trust is difficult to repair.”
You can read Yahoo’s official message to its users about the security breach here. Yahoo has also set up a detailed FAQ about account security issues on its homepage.
Have you been affected by the data breach? Will it affect how you use Yahoo? Let us know your thoughts in the comments below.