Happened in 2014 and at least 500 million users were affected
September 23, 2016: Yahoo, the California-based tech giant, on Thursday said personal information of at least 500 million users was stolen in an attack on its accounts in 2014. The attacker was a ‘state-sponsored actor’, and stolen information may include names, e-mail addresses, phone numbers, date of birth, encrypted passwords and, in some cases, un-encrypted security questions and answers, Yahoo said.
This is probably the largest data breach in history. The web giant called on customers to change their passwords and institute other protective measures, but the largest fallout could be for Yahoo itself. A few months ago, the company agreed to sell its core business to Verizon for $4.8 billion.
The breach highlights the fact that more often than not, companies take months or even years to report a breach. In fact, some prefer not to report them at all.
Verizon said it learned of the incident this week. In a statement, the company said it is monitoring news of the breach. “We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact,” the company said. “We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities. Until then, we are not in a position to comment further.”
Yahoo users can take the following steps now:
- Change password: This is probably the first and the most basic thing that can be done. Users who have not changed their password from 2014 should immediately do so.
- Avoid random clicks: Users should avoid clicking on random links. Also any website or link asking for personal information should be blocked.
- Two-factor authentication: Users should opt for two-step authentication, which often requires a code to be sent to their mobile number.