A security hack of this magnitude? In what could be the largest publicly declared security hack in history, Yahoo recently disclosed an attack by “state-sponsored” hackers in 2014 that involved over 500 million Yahoo users.
If you are a Yahoo user, we recommend that you immediately change your password as well as your security questions/answers. The security hack is two years old, but experts say that the ripple effects of this incident could last for years.
The alarming bit of news is that several pieces of key personal information such as email IDs, user names, encrypted passwords and telephone numbers were stolen by the unnamed hackers. Yahoo did not disclose the country of origin but suggests that the security hack was sponsored by the government of an unnamed country.
Hacked information also included “unencrypted security questions and answers”, according to Yahoo, which has also stated that the FBI has given confirmation that it is currently investigating the security hack that was executed two years ago in 2014.
In August this year, a possible link to this particular security hack emerged in the form of news that a hacker called “Peace” was trying to sell information on 200 million Yahoo accounts. Yesterday (Thursday September 22) Yahoo confirmed that the breach is now much bigger than they formerly thought, and are now urging all users who haven’t changed their passwords since 2014 to do so.
Fortunately for the affected 500 million users, the stolen passwords were all encrypted, and no credit card information or social security numbers seems to have been stolen. However, the incident raises several burning questions around Yahoo’s management, such as why CEO Marissa Mayer is still at the helm despite being responsible for several bad deals and now this disproportionately huge security hack?
Another urgent question is: Why was Verizon, which has confirmed its intention to buy Yahoo’s core assets, only told about the breach two days ago? There is also no evidence from Yahoo so far that this was indeed state-sponsored. That is significant because state-sponsored security hacks are typically motivated by political gain rather than financial gain. Why, then, did the information go on sale by a known hacker, which clearly shows that the motivation is monetary.
However, in an independent report, news agency Reuters reported that the hack was very similar in nature to previous attacks that were attributed to Russian state-run agencies, and that this information was given to them by three unnamed US intelligence agents.
Yahoo’s response to the incident seems almost nonchalant: “Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry.” The question they haven’t answered yet is: why did it take so long to report an incident that happened in 2014? And more alarmingly, did a breach involving 500 million accounts really go unnoticed until now?
There are several questions that Yahoo now faces, and FBI will now be under intense pressure to get the answers.
Related Article: Who Can Access My Information Online, and How Do I Protect Myself?
It is not known whether this incident will have any impact on Verizon’s decision to buy Yahoo’s assets, but one VP at a security company called Covata is quoted by the BBC as saying: “Let’s hope the ink is dry on the contract with Verizon.”
Thanks for reading our work! On Apple News please favorite the 1redDrop Channel, and do bookmark 1redDrop.com to keep tabs on the hottest, most happening tech and business news from around the world.