Computer hackers have taken hold of personal information from at least 500 million Yahoo accounts in what is believed to be the biggest digital break-in at an email provider. The massive security breakdown disclosed Thursday adds to the many headaches for Yahoo CEO Marissa Mayer as she works hard to close a $4.8 billion sale to Verizon Communications.
The breach dates back to late 2014, raising questions about the checks and balances within Yahoo — a fallen internet star that has been letting go of staff to counter a steep drop in revenue over the past decade.
The first sign that something was amiss appeared in June, when a Russian hacker who goes by the user name Tessa88 started mentioning, in underground web forums, a new trove of stolen Yahoo data, Mr. Holden said. In July, Tessa88 supplied a sample of the stolen collection to people in the so-called underground web for authentication.
Yahoo stated its investigation concluded that “certain user account information was stolen” and that the attack came from “what it believes is a state-sponsored actor.”
Computer security analyst Graham Cluley argues that while Yahoo said that it believes the hack was state-sponsored, the company provided no details regarding what makes them think that is the case. “If I had to break the bad news that my company had been hacked… I would feel much happier saying that the attackers were ‘state-sponsored,’” rather than teen hackers, Cluley argues.
Two years is an unusually long time to identify a hacking incident. According to the Ponemon Institute, which tracks data breaches, the average time it takes organizations to identify such an attack is 191 days, and the average time to contain a breach is 58 days after discovery.
Recommendations for Users
1) Change passwords for sites that contain sensitive information like financial, health or credit card data as well as your Yahoo account. Do not use the same password across multiple sites.
3) Do not share any personal information about yourself over emails. This includes credit card information, social insurance numbers, and driver’s licenses.
4) You can also now use two-factor authentication with Yahoo by turning on two-step verification from the security page. Yahoo’s two-factor authentication requires you to use a phone to get a code via text or phone call.
There’s no way to prevent yourself from falling victim to hackers. Regularly monitoring your financial records can help minimize the damage if someone gets your information. But only the companies storing your personal data are responsible for securing it.