SAN FRANCISCO – Hackers swiped personal information associated with at least a half billion Yahoo accounts, the internet giant said Thursday, marking the biggest data breach in history.
The hack, which took place in 2014, revealed names, email addresses, phone numbers, birth dates and, in some cases, security questions and answers, Yahoo said in a press release. Encrypted passwords, which are jumbled so only a person with the right passcode can read them, were also taken.
Yahoo said state-sponsored hackers were responsible. They did not identify the country, but both Russia and China have been very active hacking U.S. databases.
The internet pioneer, which is in the process of selling itself to Verizon, said it’s “working closely” with law enforcement. It called the hackers a “state-sponsored actor,” though it didn’t identify a country behind the breach.
Yahoo urged users to change their passwords if they haven’t since 2014. The company has 1 billion monthly active users for all its internet services, which span finance, online shopping and fantasy football. Its mail service alone has about 225 million monthly active users, Yahoo told CNET in June.
The hack serves as a reminder of how widespread hacking is and highlights the vulnerability of passwords. Cybersecurity specialists recommend using a different password for each account you have on the internet. Other experts are working on alternatives to passwords, such as biometrics like your fingerprint or retina.
“Cybercriminals know that consumers use the same passwords across websites and applications, which is why these millions of leaked password credentials are so useful for perpetuating fraud,” said Brett McDowell, executive director of the FIDO Alliance, an organization that vets the security of password alternatives. “We need to take that ability away from criminals, and the only way to do that is to stop relying on passwords altogether.”
Read the rest of the story at https://www.cnet.com/news/yahoo-500-million-accounts-hacked-data-breach/
