Found in 1994, Yahoo is still one of the leading websites in the world. Though recently, the web giant has been experiencing some difficulties and was sold to Verizon for about 4.8bn USD, it still holds a huge user database and is used by millions every day. Adding to the Yahoo’s problems, some concerning news about a suspected data breach emerged earlier this year: a notorious hacker called “Peace” posted over 200 million Yahoo accounts on the dark web with an intention to sell them. Yahoo representatives were quick to react and appointed a team of security researcher to investigate this incident. Nevertheless, not until earlier this week, any official confirmation about the real extent or cause of the breach has been submitted. Finally, after one and a half months of silence, we have some details to discuss.
In the recent statement, Yahoo confirmed that the server has indeed experienced some unauthorized intrusion. Surprisingly, the investigation of the stolen data points to the year 2014 which only makes us wonder, why we haven’t been informed earlier. Besides, the volume of the stolen information turns out to be even greater than was initially speculated: the hackers have managed to take down over 500 million user accounts. Could such vast amount of data simply slip through the eyes of the Yahoo crew? Luckily, the crooks did not extract credit card data or online banking credentials. Nevertheless, plenty of other sensitive user information leaked, including site login credentials, names, email addresses, security question-answer pairs, passwords, telephone numbers, birth dates, etc. The investigators were led to believe that the attack was state-sponsored. Yahoo claims that such attacks are becoming more popular due to the political reasons. But what about the reports of hackers making money out of the stolen data on the dark web? There are still many questions that remain unanswered. Nonetheless, what we can draw from this event is that cyber crime is thriving and it is only a question of when and who is going to be next.
In fact, not that while ago, the info-sec community was bustling about series of data breaches that took place back in 2012 and 2013. Similarly to Yahoo, these hacking incidents were dragged to light and officially confirmed by the related parties only this year. Myspace, LinkedIn, and Tumblr were in the epicenter of it all. Though none of these events come close to the immense scale of data stolen from Yahoo, the numbers are still staggering. For instance, Myspace alone had over 360 million accounts hacked, while the volume of LinkedIn reached 164 million and Tumblr – over 65 million. Of course, the hackers have also made attempts to profit from it. “Peace” and “Tessa88” are the main vendors who were selling this data on the dark web. Though the experts deem this data as useless, because most of it is outdated, we suggest changing passwords on these social platforms if you have an account there.
In the meanwhile, Yahoo representatives also urge the users to change their passwords into stronger ones, especially if you have signed up for Yahoo before or during the year of 2014. We also recommend going through all of your social media accounts to make sure their passwords don’t match and conform to all security standards. It is also essential to keep your computer system stable and protected to prevent spyware infiltration.