500 Million Yahoo Users Affected by Data Breach – Password Change Recommended

Yahoo has confirmed a massive breach that compromised the personal information of 500 million of its users, affecting account holders of Yahoo Mail, Yahoo Finance, Yahoo Fantasy Sports, and Flickr. The tech giant was quick to issue a plan of action, with Yahoo chief information security officer Bob Lord posting an announcement on Tumblr on September 22. The post outlines the investigation, a protection plan, and security recommendations. Yahoo also confirms that user account information was stolen in late 2014, and the data may have included names, passwords, security questions and answers, as well as other personal information like dates of birth and email addresses. Lord’s report noted that there is no evidence to suggest that user payment card data or bank account information was compromised—the system housing that information is believed to be unaffected.

The Yahoo breach could count as one of the biggest—if not the biggest—breaches in terms of the number of records stolen. The past decade has seen a number of large-scale and high profile data breaches, from the AOL incident in 2005 where an insider leaked sensitive data, to the Target breach in 2014 where nearly 40 million debit and credit card credentials were exposed to fraud. In 2015, healthcare companies like Anthem, and government agency OPM were hit with breaches, all of which suffered a staggering amount of stolen information. This year, 45 million user records were leaked online in the VerticalScope breach and before that, personal details of users who accessed the Acer Online Storewere exposed to cybercriminals.

How to respond to a data breach

Yahoo users are advised to immediately reset all passwords linked to Yahoo, especially if the password has not been changed since 2014. Account holders should also note that since users’ security questions and answers were also compromised, Yahoo has invalidated unencrypted security questions and answers so they cannot be used to access an account.

The Yahoo team has demonstrated a swift and organized response, already putting FAQs and user-friendly guides on their Yahoo Mail page. Users are prompted to reset their passwords and read the guide on recognizing a legitimate Yahoo security notice.