Yahoo has announced that information
from 500 million accounts was stolen from the company in 2014. According to USA
Today, the company believes that a “state-sponsored actor” was involved in the
attack.
Information taken may have
included names, email addresses, telephone numbers, dates of birth, and encrypted
or unencrypted security questions and answers.
A rule of thumb for cyber
security experts is that discovery of a breach occurs 150 to 200 days after the
actual breach. Claims of this breach first surfaced in early August of this
year.
Any data breach should be a
concern to users of the service that was attacked. Hackers can use ID and
passwords to gain access to other accounts and more information. According to
one survey, 50% of users use the same password across several accounts. Hackers
who have stolen ID’s and passwords from one account can try the stolen passwords
on different services such as bank accounts and credit card accounts. They also
have gathered information on loyalty points from hotel chains and airlines,
avatars, online game points, and the values stored on coffee cards. As a
result, the hackers can create information dossiers on many people.
Yahoo is recommending that its
users do the following:
·
Change your password and security questions and
answers for any other accounts on which you used the same or similar information
used for your Yahoo account.
·
Review your accounts for suspicious activity.
·
Be cautious of any unsolicited communications
that ask for your personal information or refer you to a web page asking for
personal information.
·
Avoid clicking on links or downloading
attachments from suspicious emails.
Also, the Federal Trade
Commission (FTC) has recently created a web page,
http://www.identitytheft.gov/databreach,
that provides a checklist for you to follow in case your private information
has been compromise in a data breach. If you have been affected by this data
breach go to the link and follow the FTC’s guidance.
USA Today:
YAHOO:
Fox News:
FTC:
