Yahoo confirmed that at least half a billion of its users’ accounts were hacked by a state-sponsored hacker, who perpetrated a cyber attack on its network in late 2014.
According to the company, the hacker stole a copy of certain user information that may have included users’ names, birthdates, e-mail addresses, and hashed passwords. The hacker may also have taken encrypted or unencrypted security questions and answers in some cases.
Yahoo’s ongoing investigation indicated that the hacker failed to access unprotected passwords, bank account information or payment data during the data breach. The tech giant did not find evidence that the cybercriminal is still on its network.
The same hacker stole users’ data from LinkedIn, Myspace
The company conducted an investigation on its network after a hacker claimed to have its users’ account information from a cyber attack and said the data was for sale on the dark web. A report from Motherboard suggested that it was the same hacker who sold users’ data stolen from LinkedIn and MySpace in 2012.
LinkedIn decided to invalidate all of its users’ accounts that were created before the 2012 data breach. The company took the step in May after it became aware that the hacker was selling the stolen data from its network. At the time, the company also assured users that it had implemented stronger security measures, including automated tools to identify and block any suspicious activity on every LinkedIn account.
What should Yahoo users do to secure their online accounts?
Yahoo is sending notices to users whose personal data may have been stolen by the hacker in the data breach. The company has already implemented measures to secure its users’ accounts, such as cancelling unencrypted security questions and answers.
Yahoo is also encouraging users to do the following:
- Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
- Review your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.
- Please consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether.