The fallout isn’t over.
As if going from dot-com darling to afterthought wasn’t unfortunate enough, Yahoo today confirmed data of at least 500 million user accounts were stolen from its network in 2014 in what many are describing as the “biggest cyber breach ever.”
The internet company said cyber thieves may have gotten off with personal information, such as names, email addresses, phone numbers, birthdates, security questions and answers, and encrypted passwords. Payment and bank account information, on the other hand, don’t appear to have been compromised.
Yahoo also confirmed the breach was carried out by a “state-sponsored actor” who are no longer in its network. As to whom it was referring to — your guess is as good as mine, though it wouldn’t be unreasonable to suspect hackers in China, North Korea, or Russia could be behind the theft, which is starting to sound like the plot of a Mr. Robot episode.
Yahoo says it is working closely with law enforcement and has started notifying “potentially affected users.” On its website, the company urged all its users to change their passwords and security questions and use its two-factor authentication tool to secure their accounts. We encourage you to do the same post-haste. And while you’re at it, change your Flickr and Tumblr passwords as well because Yahoo owns both services.
It remains unclear when Yahoo learned about the breach and why it has gone radio silent about it until now, but it may have something to do with its on-going merger with Verizon Communications, which has agreed to buy its internet business for $4.8 billion in cash.
Not being upfront about the attack is one thing, but millions of users opting out of Yahoo services altogether could have a drastic impact on Yahoo’s market valuation and may prompt Verizon to adjust its offer. In a statement, the U.S. carrier said it “will evaluate as the investigation continues.”
Image credit: Insane Visions