On September 22nd, 2016 computer magnate Yahoo disclosed information about a hack on their email platform in 2014. ABC news explains how this led to the theft of data from over 500 million accounts. This is particularly worrisome for the company as they were trying to close a sale of $4.8 Billion to Verizon. The fact that it happened over 2 years ago and it is just being reported now raises serious questions about Yahoo’s security. On Thursday’s event, Yahoo has said that evidence from this hack had been concealed very well, hidden from their sight until this July when they found a hacker attempting to sell information of over 200 million Yahoos user accounts. In this article we will cover what may have happened and what will be its consequences.
“No bank data or payment information was hacked, says Yahoo CEO Marissa Mayer. Details that were taken include names, email addresses, telephone numbers, dates of birth, and passwords”
So, turns out in 2014 a hacker managed to enter Yahoo’s network and managed to steal data from over 500 million accounts. According to Yahoo they believe it was a “state-sponsored” hacker, meaning a foreign government could have been involved. “We take these hacks very seriously and will find out who could’ve done this.” Says the FBI at Thursday’s event.
No bank data or payment information was hacked, says Yahoo CEO Marissa Mayer. Details that were taken include names, email addresses, telephone numbers, dates of birth, and passwords (Although passwords are partially obscured by the encryption system). Some security questions might have also been stolen, claims yahoo, information like mother’s maiden name or dogs name are possibly out there as well.
Read Also: The Worst Cyber Attacks in History.
Who’s to blame?
Now that it is out there, the question remains, whose fault is it? While there is no one to directly point a finger at, there are many people that can be blamed. Since internet keeps on evolving, and hackers keep getting better and better, it’s no real surprise that large companies such as Yahoo can be their target, at this certainly won’t be the last time this happens.
Alex Stamos was the leader of Yahoo’s security until a year ago, when Bob Lord took his place. They are certainly a bit responsible for this, it’s not their fault that the hacker managed to make it through, but it is undoubtedly their fault for going on 2 years without noticing. Worse part is, the investigation that led to the discovery of this hack started because a hacker named Peace was selling information of 200 million Yahoo accounts for $1,800. Once the investigation started, it was revealed that there was a security breach 2 years ago that led to the theft of all of this data. This makes us question, if no one had attempted to sell the accounts in public, would Yahoo have ever noticed?
Do we know who is responsible?
At first, the hacker who wanted to sell the accounts, Peace was thought to be the one likely to have performed the hack. However internal investigation found no evidence pointing out to this being true. After finding out that the attack had been the largest ever, deeper investigations have led Yahoo to claim the hacker was state-sponsored. This means that this attack was meant to survey a large amount of people, rather than plan to extract money from them individually. However, since this data was probably sold to third parties, undesirables probably have it by now.
Read Also: Top Public Wi-Fi Risks and How to Prevent Them
I have a Yahoo account, am I in danger?
It’s safe to assume that your data has already been in danger for a while. There is no way to know for sure if you are part of those 500 million accounts. Yahoo has said that those who were involved are being contacted individually in order to notify them, but let’s face it with 500 million people involved, it’s highly likely that you won’t be getting a message from Yahoo any time soon.
Is there anything I can do?
Since we have assumed that it’s likely that you are in danger, the safest bet is to change all your passwords and make sure they are all different. Using methods like password generators from now on would be a safe bet, while this involves a bit more work, it guards you in a much safer way.
If you have accounts that can be put under 2-factor security do so, such as getting a code on your cellphone whenever your account is starting. This way you can guarantee that no one will be able to access your account without physical contact with your cellphone.
Yahoo recommends pay attention to your accounts and watch for suspicious activity in them.
Will this impact Yahoo’s sales?
Absolutely, the sale of Yahoo to Verizon was supposed to close in the first months of the upcoming year. Now that this information has been released it will set back the sale at least a couple of months. This will allow for Verizon to haggle on the price or back out completely if they feel that this hack will destroy Yahoo’s business. While a Verizon spokesman has said that they do not know enough information on the hack yet to assess potential consequences, they will certainly keep an eye open for customer reactions and the shareholder community.
This year has been rough for cyber security, first the bitcoin hack losing millions of dollars and now Yahoo losing information belonging to millions of accounts. It is important for users to understand just how important it is to be safe online. Every time these events happen, people will have to be more careful, and know that having similar information for many accounts can lead to a theft of all their online data.
As we become more proficient online, so do hackers, and we can’t leave it only to companies to deal with them. It is also our responsibility to make at least as hard as we can for people who want to obtain our information and use it for their benefit.