Yahoo Hack Sept 2016
By now you’ve probably heard about the massive data breach at Yahoo (YHOO, Tech30) where as many as 500 million user accounts have been compromised. Here’s what you should know.
On September 22, 2016, Yahoo announced a breach of at least 500 million user accounts in a statement by Bob Lord, CISO. The incident is under investigation but Yahoo has not identified the responsible parties as of yet. Hackers may have gained access to users’ names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. Yahoo does not believe that unprotected passwords, payment card data, or bank account information were included in the stolen data.
What is different about this breach?
Luckily, it doesn’t appear as if financial information was affected in this breach, but email accounts can contain plenty of information that could put your identity at risk. And if you’re like the thousands of Americans who reuse passwords, the risks are even higher, because a hacker could essentially gain access to several other important accounts through your compromised email password.
Warning signs and precautions you can take:
Change your passwords: Potentially affected users should change their passwords and adopt alternate means of account verification. Additionally if you reused your Yahoo password on other accounts, change those passwords too.
Request for your information: Be suspicious of mail, email or phone calls claiming to be from Yahoo – especially if it requests you provide personal information or refers you to a web page asking for personal information.
Review accounts for suspicious activity: Watch for signs that your information is being used for unauthorized activity and avoid clicking on links or downloading attachments from suspicious emails.