Yahoo today announced what can easily be called a cyber catastrophe, where accounts of over 500 million users were compromised. During the ongoing investigation, the company s Chief Information Security Officer Bob Lord confirmed that a copy of certain user account information was stolen from the company s network in late 2014 by what Yahoo believes is a ‘state-sponsored actor’. This massive attack, which affects so many people, has naturally raised quite a few questions as to who was actually behind the attack and what does the hack mean for users personal security. We have gathered everything that you need to know about the world s biggest online hack. Also Read - Your Window PC can now run Android appsAlso Read - Yahoo Groups to shut down from December 15
Was every Yahoo user affected by the hack? Also Read - WordPress owner Automattic buys Tumblr from Verizon
The first thought that strikes a user’s mind when they learn of a hack is if they were affected by it. Although the hack was a massive one and a lot of users have been affected by it, you may not necessarily have been affected by it too. Over 500 million Yahoo accounts have been hacked into, and there are certain ways to find out if your account was compromised as well. To begin with you would receive a disclaimer mail from Yahoo informing that you have been affected. There are also websites that track data breaches and that can help you find out immediately if your account has been compromised.
What information was stolen?
The second-most important thing to know when an internet hack takes place is what information did the hackers get access to. Yahoo has revealed that the stolen account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers. ALSO READ: Yahoo hack: Here s how to find out if your account has been compromised
What information is still safe?
In the rush of all these bad news, the good news is that ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information. Yahoo also pointed out that the payment card data and bank account information were not stored in the system that was attacked, in the first place.
Who’s the hacker?
The only reason that this online hack stands apart from the previous such incidence is not only because it affects so many people, but also due to the alleged state conspiracy involved in it. According to Yahoo, the breach which took place back in 2014, may have been executed by a state-sponsored professional. Additionally, TechRadar reported that the attack was allegedly worked by a hacker who goes by the name ‘Peace’. Another report by WIRED identifies the hacker as a former member of a team of Russian hackers who attacked a number of sites in 2012 and 2013 and sold stolen data on the dark web. Peace is the same hacker, which had last month gained access into accounts of 200 million users and had put those accounts online for sale
What is Yahoo doing about it?
After its investigation confirmed the hack, Yahoo took immediate measures to alert and protect its users. The company has been notifying potentially affected users, and the step they could take to protect themselves further. Further, Yahoo has invalidated unencrypted security questions and answers so they cannot be used to access an account. Additionally, Yahoo says that it is continually working to enhance their systems that detect and prevent unauthorized access to user accounts.
What can you do about it?
Regardless of if you your Yahoo account has been affected or not, there are a few steps that you must take to maintain your account’s safety. Firstly, since the account dates back to a breach in Yahoo s system in 2014, Yahoo recommends users who haven t changed their passwords since then, to do so immediately. However, we recommend every Yahoo user to anyhow change their password, and opt for two-factor authentication. ALSO READ: Yahoo hack: Take these steps immediately to protect your account
Why did Yahoo take so long to warn everyone?
Although Yahoo has today revealed about the attack, it is unclear just how long the company knew about it. In a report by Recode yesterday, it was leaked a day in advance that Yahoo will be revealing news about a massive data breach into its system. During the attack that happened last month in August, Motherboard had reported that A notorious cybercriminal is advertising 200 million of alleged Yahoo user credentials on the dark web, and the company has said it is aware of the hacker s claims, but has not confirmed nor denied the legitimacy of the data.
In all probabilities, Yahoo was investigating the authenticity and magnitude of the hack before revealing it to the public.
What does this mean for Yahoo?
The reports about the data breach comes in the middle of an acquisition process, where Yahoo s core internet operations and land holdings is being taken over by Verizon communication, in a deal that was struck for $4.8 billion. This deal will bring the web portal together with its longtime rival AOL. The scale of liability may be large for the new owner and may come as an unexpected headache. The Recode report also suggests that the data breach event could also lead to alterations in the price of transaction, which in turn could be an issue for the shareholders.
Additionally, since Yahoo has blamed a state-sponsored actor to be behind the hack, it is would not be long before class action lawyers begin to sue Yahoo for its claims. Federal and state regulators may also soon launch investigations about Yahoo s claims, and possibly demand fines or penalties from the company.