Yahoo has been subjected to attacks from multiple ends through out this year, right from investors to U.S. Congress ban on Yahoo Mail. The once tech giant is finally sealed the deal with Verizon to be acquired for $4.8 billion. The people at Yahoo were expecting it to solve most of their issues, but a twist and turn of tale happened when an infamous hacker “Peace” claimed that he was selling 200 million user accounts at the price of 3 bitcoins per detail on August 1st.
Yahoo initially responded that it was aware of the claim, but chose not to comment. According to the sample data obtained by motherboard back then, the data contained usernames, hashed passwords (created with md5 algorithm), dates of birth, and in some cases back-up email addresses from most likely around 2012.
Earlier today, Recode released that Yahoo was poised to confirm this breach by the end of the week, and the numbers were still expected to be close to 200 million. But in an official release from Yahoo to its investors, it had confirmed the breach and that the number is 2.5x the expected user accounts.
A recent investigation by Yahoo! Inc.(NASDAQ:YHOO) has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter..
Get the full report here. For loyal users of Yahoo mail, the following are the security measures as encouraged by Yahoo to ensure your account security.
- Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
- Review your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.
Additionally, please consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether. For additional help, please visit Yahoo help.
This admission of the breach is definitely bound to revisit some of the terms and conditions of the acquisition especially during the final days of the completion of the deal. The investors and the Verizon team is still feeling the aftermath of the shock of the confirmation which was initially disclosed to them within the last two days. Verizon’s PR Bob Varettoni explained in a tweet that Verizon will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities without any further comments.
Verizon statement this afternoon regarding Yahoo security incident. $VZpic.twitter.com/KQTnyrjlJy
— Bob Varettoni (@bvar) September 22, 2016
2016 has seen a large number of existing hacks being investigated and new hacks affecting millions. Earlier this year, over 100 million users of LinkedIn were suspected to be victims of a major hack in 2012 and Indian Railways Catering and Tourism Corporation – IRCTC’s website was also suspected to be the victim of what was then called as biggest hack in India’s history. Leaders of tech giants’ personal accounts were not sparred as well, Sundar Pichai’s Quora was once struck by the hacker group OurMine and it began with Mark Zuckerberg’s Twitter and Pinterest accounts being hacked using the not-so-secure password ‘dadada’.
In a world of bringing masses to the internet and enhancing connectivity, security breaches like these especially to large tech giants definitely puts a users’ trust in small tech startups highly questionable.
