Yahoo’s data breach is much worse than expected. Reports emerged earlier this week that the company was preparing to confirm a hack attack that first came to light this past summer when certain credentials of about 200 million users were put up for sale online. Now, Yahoo has revealed that roughly half a billion accounts were compromised.
The hack attack took place in 2014, and Yahoo says it appears to have been conducted by a “state-sponsored actor”, suggesting the incident was a matter of political espionage. Yahoo also says that no bank or credit card information was compromised, but credentials including dates of birth, email addresses, phone numbers, and passwords were taken. Yahoo is advising users to change their passwords if they haven’t done so since 2014.
By now many users of other email services will have moved beyond mere password-based security, with Google now supporting two-factor authentication and many iPhone users locking their mobile email services with biometric security. Others in the digital security business will see in this incident a validation of the ‘on-device’ approach to authentication, which requires that key user credentials are stored on their own personal devices, rather than on external servers that could be hacked.
Sources: CTV News, CNBC¹, CNBC²
Related News
Yahoo to Announce Massive Data Breach: Recode
Previous Data Breach Actually Impacted All Users, Yahoo Reveals
Comelec Works to Assuage Public Alarm Over Biometrics, Hack Attacks- Breached Records Total Goes Up with Conclusion of Equifax Forensic Investigation
Proposed Bill Would Incentivize Cybersecurity Development with Awards
National Cyber Security Awareness Month Organizers Urge Users to STOP. THINK. CONNECT.
Follow Us