It’s officially the biggest data breach in history. Yahoo reported that it lost about 1 billion accounts in 2013’s data breach and even more this year when hackers were able to steal and expose even more accounts. This comes as a severe blow to the company that had already lost its battle to overcome its dwindling popularity and claim to search engine users. It later sold to Verizon Communications for $4.8 billion.
Although the contract was signed before Yahoo released this information, the data breach has said to be a strain on the sale and Verizon is looking to renegotiate and revisit it based on Yahoo only admitting to the breach after the sale was completed.
Yahoo asked forensic experts and its own internal staff to review the breach and identify its source. The 2014 breach was said to be from a foreign government, but it’s still unknown where the 2013 breach came from.
Data leaked included full names, addresses, emails, phone numbers, birthdays and security questions. All of this information can later be used to further breach other user accounts, so it’s a big blow not only to the corporation but also to users who entrusted their security and privacy to Yahoo’s site.
Passwords were also stolen, although Yahoo claims that they should be secure due to their encryption and hashing technique. However, hashes are not always secure as hackers can take a list of dictionary words and similar passwords and use them to “guess” the hashed passwords. Yahoo has urged its users to change their passwords to ensure that their passwords are secure from hackers who run these programs against the stolen database.
Experts say that Yahoo is likely accurate in its assessment that government agencies were responsible for the breach. The data has not been found online, and it seems that the list of data was mainly focused on certain groups of people. Still, it does not mean that accounts outside of the hackers’ interest should be ignored. Changing your password after a data breach is the single most proactive step users can take to ensure that their account is protected.
Yahoo’s massive breach shows that hackers will go after accounts for both big and small companies. It’s also a reminder that no one should ever consider their data completely safe, so always create hard to guess passwords, and keep them as separate values from other critical accounts such as financials.