In a recent message addressed to “Yahoo Users,” Yahoo informed its users about a hack that happened two years ago, in late 2014. The massive data breach – which some classify as the biggest of its kind ever – was reported on the 22nd of September, and, according to the information provided, around 500 million accounts were hit. Although not all hacks are discovered right away, it is surprising that it took the company two years to detect this one and inform its users. Needless to say, the damage has been done, and now is the time to take action. The company has not presented any information regarding the security problems that have emerged due to the hack, but it is possible that a lot of users have already suffered some consequences without even knowing it. Hopefully, there is still time for everyone to avoid serious security issues.
Yahoo has been hacked before, but none of the previous attacks can measure up to the one that occurred in 2014. According to the official report, at least 500 million accounts were affected. It was reported that the hackers behind the attack had stolen names, birth dates, email addresses, and phone numbers linked to the said 500 million accounts. It appears that, in some cases, the security questions and answers that allow users to recover login information were stolen as well. Although the stolen passwords were hashed using bcrypt – which is a password-hashing function – it is still possible for hackers to crack them. If that happens, they can hijack Yahoo accounts and use them in various ways. Considering that Yahoo has over 1 billion active users per month, the possibility of Yahoo accounts being hacked is very high.
The biggest issue with this Yahoo hack is that most users pay little attention to how they use their passwords. While it is obvious that changing Yahoo passwords is crucial, many users fail to recognize that other accounts could be affected as well. Some users recycle the same usernames and passwords for all of their accounts, not excluding online banking accounts, other email accounts, or social networking accounts. Needless to say, if a user recycles the same email address and password for all of their accounts, the hackers behind the attack could also target those other accounts. Due to this, it is crucial that every Yahoo user changes their passwords, not only on Yahoo accounts but also on any other accounts that can be accessed using the same password. While Yahoo has taken action to protect its users, it cannot prevent hackers from attacking accounts on other platforms. Here is the recommendation from the official report:
Yahoo encourages users to review their online accounts for suspicious activity and to change their password and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account. The company further recommends that users avoid clicking on links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information.
It is important to take into account that the stolen email addresses could be used not only to hijack accounts but also to perform mass spam email attacks. Undeniably, ransomware infections are on the rise, and most of them use spam emails to deliver malicious launchers that are disguised as harmless documents, photos, or other types of files. Other kinds of infections, including Trojans and keyloggers, could be distributed in the same way. In fact, users whose Yahoo accounts might have been hacked should inspect their operating systems as soon as possible. A simple way to do that is to use trusted malware scanners. As long as they are legitimate and up-to-date, they will not miss any threats. Obviously, users who detect malware must remove it right away.
Although Yahoo is allegedly working with law enforcement agencies to work things out and make sure that hacks are not overlooked in the future, computer users need to take matters into their own hands. The first step, of course, is to change all passwords, making sure that they are not repeated. Users should also consider setting up two-step sign-in systems, using alternative pass-codes (e.g., fingerprint locks), and, of course, employing reliable security software. Although this software cannot protect against the hacking of big companies, it can protect users against the malware attacks that they could be exposed to through stolen information, such as email addresses. Also, it is very important to keep up-to-date with all virtual security news. If Yahoo takes two years to notify users about a hack, do not give hackers another moment to strike: stay informed about what is happening.