500M Yahoo! Users Impacted by Hack; What It Says About Password Protection

By

Yahoo! is facing a lot of challenges lately. Add to the heap the breach – which the company confirmed today – that has affected 500 million Yahoo! accounts and is believed to have been carried out by a state-sponsored actor.

The breach, which dates back to late 2014, may have allowed unauthorized parties to access information such as Yahoo! account holders' dates of birth, email addresses, names, telephone numbers, and security questions and answers (both encrypted and unencrypted), the company said. Yahoo! doesn’t think the breach included the theft of bank account information, payment card data, or unprotected passwords.

The company sent out an email and posted on its website a letter from Yahoo! CISO Bob Lord explaining the situation and what it is doing to protect its users. In the communications, Yahoo! said it has invalidated unencrypted security questions and answers so they can’t be used to access an account, is working closely with law enforcement on the matter, and continues to upgrade its systems to identify and prevent unauthorized access to user accounts.

The company is also suggesting affected users change their passwords and adopt an alternate means of account verification, review their accounts for suspicious activity, avoid clicking on links or downloading attachments from suspicious emails, use caution in responding to unsolicited emails, and consider using the authentication tool Yahoo Account Key. Users with Yahoo Account Key don’t need passwords to sign into their accounts.

“Since we don’t have the specifics yet, it will be hard to say how everything happened,” notes Brad Bussie, CISSP, director of product management at STEALTHbits Technologies. “What we do know is that accounts that have been breached have value. The reason they have value is that people use the same password for multiple sites. The industry has been warning users for years that they need different complex passwords for each account they use online. The problem is that many consumers have dozens of accounts and remembering that many passwords is hard.” 




Edited by Alicia Young

Executive Editor, TMC
