Yahoo! has most recently been in the news for its $4.83 Billion purchase price upon a finalized agreement from Verizon. It would be a huge boon for the two tech giants, and frankly, considering the news of late about Yahoo!, they need all the help they can get. Unfortunately that help definitely didn’t come from hackers in 2014 – in the largest breach of its kind, at least 500 Million users’ account details were stolen over two years ago. Yahoo! never reported the breach until last week when the details were leaked on the web. Not only does this pose a major issue for the hundreds of millions of Yahoo! users affected by the breach, but it opens up questions about the purchase and frankly, whether it’s even going to happen.
When the breach happened a few years ago, Yahoo! never issued a statement of any kind to its users or the media. Claiming that a state-sponsored actor is to blame for this vulnerability in the system, the company has begun working with law enforcement to get to the bottom of the situation. Meanwhile, the information released ranges from usernames, emails, passwords, and security questions and answers. Yahoo! is maintaining that the passwords were all encrypted with bcrypt but there have been other reports stating that some may have been released in an unencrypted format.
Yahoo! is keeping a tight lid on most leak details – they haven’t released which state-sponsored actor is responsible or if there are even any leads. And while they have scrubbed the security questions from the affected accounts, they are only suggesting that people change their passwords. To be clear: changing your password should be a first step for any user who owns a Yahoo! account, or any other affected by a data breach. Even if it was encrypted, changing a password takes seconds out of your day and will save you a great deal of potential headaches in the future. Protecting your cyber security position should be at top-of-mind with each click of the mouse and every IoT interaction. But, mistakes happen – let Neovera take care of those missteps with 24x7x365 cyber security monitoring and management services based on your company’s unique needs and requirements.