Yahoo has finally announced that at least 500 million users were victims of a state-sponsored attack that took place nearly two years ago, probably the largest data breach in the history of the Internet. The stolen data includes names, email addresses, phone numbers, dates of birth, hashed passwords and, in some cases, security questions. On the brighter side, the investigation has revealed that the stolen information does not include payment card data or bank account information.
The fact that it was carried out by a state-sponsored actor only makes the attack seem more sinister. Unlike individuals, state-sponsored attackers are highly motivated groups with set objectives in line with the political or military interests of a country. It is also very rare for state-sponsored attackers to siphon off money using the stolen details; instead, they keep collecting data over a long period of time to gain leverage over the victim. While most of us might raise an eyebrow at why Yahoo took two years to confirm the attack, the explanation is simple: state-sponsored attacks often go unnoticed because they use unobtrusive methods and generic ways to gain access, so they blend in and are very hard to track.
The disclosure of the data theft comes at a time when Yahoo CEO Marissa Mayer is steering the company towards an acquisition by Verizon. The attack also means that some users might stay away from Yahoo services, which will dent the company's advertising revenue, which has not been impressive lately.
It all started in July, when a hacker claimed to have hundreds of millions of stolen Yahoo logins for sale on the dark internet. This led Yahoo to conduct a much deeper investigation, which revealed that the data breach was a state-sponsored attack. The leaked details will make it extremely easy for the attackers to hijack identities and use the personal data.
If you are a Yahoo user, you are advised to change your password and make sure the new password is strong. Also, make it a point to change passwords and security questions at regular intervals.