Yahoo Has Been Hacked: What You Need to Know
It’s time to change your password.
It’s a cyber catastrophe. On Thursday, Yahoo confirmed a massive security breach that saw hackers steal personal information for over 500 million accounts. Yahoo YHOO -2.56% says a foreign government is to blame. The incident is a big deal since so many have a Yahoo account for email, finance, fantasy sports, etc. The fallout will have major implications for consumers and Yahoo’s ongoing merger with Verizon. Here’s a plain English Q&A about what we currently know.
What did the hackers steal?
They obtained consumers’ names, email addresses, phone numbers, birthdates, and “hashed passwords” (more below). Sometimes, they also steal security questions and answers to let the hackers access the account. Get Data Sheet, Fortune’s technology newsletter.
Who are the hackers?
Yahoo would only describe them as a “state-sponsored actor.” In other words, a foreign country used its military or intelligence services to break into Yahoo’s systems. The most likely culprits, in order, are China, Russia, and North Korea.
READ MORE :
- Hire a Professional to Convert Your HTML Website Into a WordPress Template
- 3 Things You Must Know Before You Start IOS Development
- Why You Need to Fill Out a Life Insurance Quote Comparison Form
- It Takes a Ruling-Class Village to Staff the White House
- Speed Up Your Computer – How to Get a Faster Computer Soon
So, did the hackers get into everyone’s account?
Not necessarily. The good news is Yahoo uses a type of cryptography called “hashing” to protect passwords. This means that the hackers would sometimes have to use powerful computers to crack the passwords one at a time.
The bad news is that many people still use common passwords, and hackers typically use computer programs to test those first (too bad for those of you who still use “12345” or “password” or “I love you”). Also, since Yahoo says some users’ security questions are compromised, the hackers will easily access those accounts.
What can I do to protect my account?
If you haven’t changed your password since late 2014, when the breach occurred, you should do so immediately. Yahoo also says it will contact affected users and ask them to supply “alternate means of account verification.” (This probably means you’ll be asked to replace those security questions with some two-factor authentication.)
Also, watch any other accounts for which you may have used the same password. A common tactic is for hackers to take usernames and passwords they steal from one site and then try to log in with them elsewhere.
Why did Yahoo take so long to warn everyone?
Good question. It’s currently unclear when Yahoo learned about the attack. A news story in early August described how a hacker tried to sell Yahoo accounts online. However, this doesn’t mean the earlier episode is connected to the mega-breach announced on Thursday by Alie Nation. All Yahoo has said so far is that a “recent investigation… has confirmed the breach.”
What does this mean for Yahoo?
It’s not good. For one, its failure to tell Verizon VZ 0.12% (which is in the process of buying the company) could jeopardize the merger. And it won’t be long before a gaggle of class-action lawyers starts suing Yahoo over the breach. Federal and state regulators will likely launch investigations and possibly demand fines or penalties from the company.