It looks like despite being sold to Verizon for $4.8 billion, Yahoo’s troubles are far from over. Yahoo officials confirmed on Thursday that a breach in 2014, which was initially reported to compromise data of 200 million users in August, was underestimated in scale and it affects more than 500 million users globally.
Stolen information from users includes names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers. Due to lack any report about stolen credit card information, Yahoo believes the attack to be state sponsored. Russian and Chinese hackers, with a blessing from their respective governments, have been allegedly behind such attacks in the past. However, no attack has affected such a large number of users before.
Yahoo said it is notifying potentially affected users and has taken steps to secure their accounts by invalidating unencrypted security questions and answers so they can’t be used to access an account and asking potentially affected users to change their passwords. Yahoo also recommends users who haven’t changed their passwords since 2014 to do so immediately. In addition to passwords, any security questions or any other fail-safe being used should also be revised to make sure personal data remains uncompromised.
Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry. Your best bet to remain safe while using the internet is to make sure to update your password frequently and use apps like LastPass to generate random and secure passwords.