In a statement released this week, Yahoo and its Chief Information Security Officer Bob Lord have confirmed that hackers stole information from at least 500 million user accounts in 2014, describing the network data breach as a “state-sponsored” attack.
“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Lord revealed in the statement.
A law enforcement investigation has found that the hacker is no longer in Yahoo’s network. Thankfully for Yahoo users affected, Lord reveals that the investigation into the hack suggests stolen information did not include unprotected passwords, payment card data, or bank account information.
However, Shuman Ghosemajumder, Chief Technology Officer of Shape Security, warns the breach at Yahoo may only be the beginning of something bigger. “Most stories will focus on Yahoo users, but the damage there appears to have been done months ago, and Yahoo will simply reset all their passwords so no further damage can be done,” he said in an email to news outlets. “The real issue now is that these passwords will be used to breach thousands of other websites unrelated to Yahoo.”
Ghosemajumder further explains that cyber criminals could use advanced automated hacking tools to discover where users have reused those same passwords on other sites, setting off a chain reaction of further hacking.