Millions Vulnerable After Yahoo Hack Exposes Private Details
Yahoo Inc says information for at least 500 million user accounts was stolen from its network in 2014 by what it believed was a state-sponsored actor, a theft that appeared to the biggest cyber breach ever.
Yahoo said on Thursday data stolen may have included names, email addresses, telephone numbers, dates of birth and encrypted passwords but that unprotected passwords, payment card data and bank account information did not appear to have been compromised, the company said.
"This is the biggest data breach ever," said well-known cryptologist Bruce Schneier.
BELOW: How to protect your Yahoo account from hackers
He said it was too early to say what impact the breach might have on Yahoo and its users because many questions remain, including the identity of the state-sponsored hackers behind it.
Three US intelligence officials, who declined to be identified by name, said they believed the attack was state-sponsored because of its resemblance to previous hacks traced to Russian intelligence agencies or hackers acting at their direction.
Yahoo said it was working with law enforcement on the matter. The FBI said it was aware of the matter, and the US Secret Service was not immediately available for comment.
"The investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network," the company said.
Shares of Yahoo stock were barely changed for the day after the news, while shares of Verizon Communications, which has agreed to buy the company's Internet business, were up about 1 per cent.
It was not clear how this disclosure might affect Yahoo's deal with Verizon.
Verizon, which announced in July an agreement to buy Yahoo's core internet properties for $US4.83 billion ($A6.32 billion), said in a statement it was made aware of the breach within the last two days and had limited information about the matter.
"We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities," the company said.
What to do if you have a Yahoo Account...
According to Time, there are three steps to take to ensure the security of your own Yahoo account.
#1: Change your passwords
They recommend never using the same password across multiple accounts. If you use the same password for other accounts, change them as well.
#2: Use Yahoo's two-factor authentication
Once you've turned on the authentication process, you'll will be required to enter both your password and an extra security code sent to your mobile.
#3: Look at using Yahoo's Account Key feature
It will replace your traditional written password with a smartphone app.