Yesterday it was alleged that Yahoo would report a hack of some 200 million user accounts.
The firm has now confirmed that 500 million accounts have been compromised. The hack is believed to have been executed in late 2014 allegedly by a state-sponsored attacker.
The information gleaned from the hack includes; names, email addresses, telephone numbers, dates of birth, passwords hashed with bcrypt, as well as both encrypted and unencrypted security questions.
That is a whack of information that might still be relevant today, especially in the case of security questions.
The only information the hacker did not get away with was payment information. “Payment card data and bank account information are not stored in the system that the investigation has found to be affected,” said Yahoo.
While the firm has said that it does not believe the attacker is currently in the Yahoo network, it is notifying affected parties and implementing additional security measures. What those additional security measures are exactly are unclear and we suspect Yahoo won’t be revealing them.
The overwhelming question after all of this has come to light is whether this is the end for Yahoo.
The search engine is set to be acquired by US network operator Verizon but a hack of this magnitude is sure to influence the value of the $4.8 billion (~R65.1 billion) acquisition.
We strongly advise anybody who uses or has used a Yahoo account to change all their passwords and where possible change the answers to security questions. This might also be a great time to consider two-factor authentication, just to be safe.[Source – Yahoo][Image – CC SA BY 2.0 hackNY.org]