Yahoo has announced that information from 500 million accounts was stolen from the company in 2014. According to USA Today, the company believes that a “state-sponsored actor” was involved in the attack.
Information taken may have included names, email addresses, telephone numbers, dates of birth, and encrypted or unencrypted security questions and answers.
A rule of thumb for cyber security experts is that discovery of a breach occurs 150 to 200 days after the actual breach. Claims of this breach first surfaced in early August of this year.
Any data breach should be a concern to users of the service that was attacked. Hackers can use ID and passwords to gain access to other accounts and more information. According to one survey, 50% of users use the same password across several accounts. Hackers who have stolen ID’s and passwords from one account can try the stolen passwords on different services such as bank accounts and credit card accounts. They also have gathered information on loyalty points from hotel chains and airlines, avatars, online game points, and the values stored on coffee cards. As a result, the hackers can create information dossiers on many people.
Yahoo is recommending that its users do the following:
· Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
· Review your accounts for suspicious activity.
· Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
· Avoid clicking on links or downloading attachments from suspicious emails.
Also, the Federal Trade Commission (FTC) has recently created a web page, http://www.identitytheft.gov/databreach, that provides a checklist for you to follow in case your private information has been compromise in a data breach. If you have been affected by this data breach go to the link and follow the FTC’s guidance.