Alert: Yahoo Mail Breach

Biggest Breach Ever

Hot on the heels of Verizon’s announced purchase of Yahoo, it was disclosed today that Yahoo was the victim of a massive security breach.

If security was not at the forefront of your mind, it should be now. In what many people are calling one of the biggest data breaches ever (if not the biggest), Yahoo! has confirmed that 500 million (yes, million) accounts were affected. The breach was extensive, according to Yahoo’s own statement:

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers…”
Bob Lord, CISO for Yahoo

Two Years Past Due

The breach occurred in 2014 and was first suspected because a hacker named “Peace” was selling user information for more than 200 million Yahoo accounts in August of this year. The asking price for these 200 million accounts is a pretty paltry $1,800. Yahoo passwords are MD5 hashed, meaning that pretty much any clever hacker could use one of the readily available online MD5 decrypters to recover the passwords.
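Why the storage scheme matters, as an added example that is not from the original article or from Yahoo: unsalted MD5 gives every user of a given password the same digest, so one precomputed table reverses them all, while a per-user salt with a slow hash does not. The wordlist and users are constructed, and PBKDF2 from the Python standard library stands in for bcrypt.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for the large precomputed tables
# that online MD5 lookup services hold.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "yahoo2014"]
ITERATIONS = 100_000  # assumed work factor for this demonstration


def md5_hex(password: str) -> str:
    """Unsalted MD5: the same password always yields the same digest."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(words):
    """Computed once, a digest -> password table applies to every account."""
    return {md5_hex(w): w for w in words}


def slow_salted_hash(password: str, salt: bytes) -> bytes:
    """Per-user random salt plus an iterated KDF (stand-in for bcrypt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Legitimate login check: recompute with the stored salt, compare safely."""
    return hmac.compare_digest(slow_salted_hash(password, salt), stored)


def demo():
    table = build_lookup_table(COMMON_PASSWORDS)
    users = {"alice": "letmein", "bob": "letmein"}  # constructed accounts

    # Scheme 1: unsalted MD5. Identical digests, all found in the table.
    md5_store = {u: md5_hex(p) for u, p in users.items()}
    recovered = {u: table.get(h) for u, h in md5_store.items()}

    # Scheme 2: salted slow hash. Same password, different stored values,
    # so no single precomputed table matches them.
    salted = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        salted[user] = (salt, slow_salted_hash(pw, salt))

    return {
        "md5_identical": md5_store["alice"] == md5_store["bob"],
        "md5_recovered": recovered,
        "salted_identical": salted["alice"][1] == salted["bob"][1],
        "login_ok": verify("letmein", *salted["alice"]),
    }
```

A salted slow hash does not rescue a weak password from targeted guessing; it removes the one-table-fits-all shortcut and raises the cost of each guess.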

Course of Action

Yahoo has made the following recommendations:

  • We are asking potentially affected users to promptly change their passwords and adopt alternate means of account verification.
  • We invalidated unencrypted security questions and answers so they cannot be used to access an account.
  • We are recommending that all users who haven’t changed their passwords since 2014 do so.
  • Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
  • Review your accounts for suspicious activity.
  • Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
  • Avoid clicking on links or downloading attachments from suspicious emails.

They also recommend using a Yahoo Account Key.

State-sponsored Hack

Yahoo believes this was a state-sponsored hacker and does not believe the hacker is still in its network. Cyber attacks are becoming more and more common as both individuals and governments take aim at the vast quantity of personal information available online. Increasingly, governments are realizing that they no longer have to send troops or planes in to attack an enemy – instead they can do it from the comfort of their homeland sitting behind a desk.

Protecting Yourself Online

One of the best ways to protect yourself and your data online is to use strong passwords and not to use the same password for every site. Almost no one I know adheres to both of these rules, and most people don’t adhere to either of them, putting their information at serious risk. The I.T. Ranger highly recommends using our ConnectID service to help you manage your passwords, create strong passwords and securely log you in to the sites you use most.
