Yahoo data breach: what you need to do
Personal data including names, passwords and security questions of more than 500 million users stolen in 2014
Yahoo is the latest company to admit it has been hit by hackers. The internet firm has revealed that more than half a billion users have had their personal information stolen by hackers.
What has happened?
Last week Yahoo revealed that hackers stole the names, email addresses, passwords, telephone numbers and more. The attack actually happened two years ago, but the company has only just discovered the extent of the data breach.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
“The hack was the biggest in corporate history, even if it was not as bad as it could have been (no credit card or bank account details were stolen),” says James Titcomb in The Telegraph.
“Companies get attacked, we know this. The list of cyber victims in the last 12 months alone – TalkTalk, Ashley Madison, LinkedIn, Dropbox – should be enough to show us that security breaches are inevitable. Our attention should be turned to the way in which companies deal with them.”
The shocking thing with the Yahoo data breach is that the company has only just admitted it. Questions remain about exactly when Yahoo! became aware of the hack, but the fact is that customers have been completely unaware that their passwords and personal details have been available to be traded on the black market for the past two years.
Another eyebrow-raising element of the story is Yahoo's determination that it was a "state-sponsored" group behind the attack, with fingers point squarely eastwards towards Russia.
Will I have been affected?
If you have a Yahoo account there is a reasonable chance your details have been stolen. The company is in the process of contacting everyone whose details were stolen. Just watch out for fraudulent emails pretending to be from Yahoo and don’t click on any links within an email.
But, even if you don’t think you are a Yahoo customer you could be affected.
“There are lots of people, millions of people, who don’t understand they have a Yahoo account,” cybersecurity specialist Per Thorsheim told CNN Money. This is because Yahoo provides several other services which were also hacked, including Yahoo Sports, Flickr and Tumblr.
Even if you have a Yahoo account that you haven’t used in years, you could be affected.
“The idea that ‘I don’t use that account any more, I don’t have to worry about it’ – in most cases, unfortunately that’s wrong,” says Thorsheim. “If you have an account that you don’t use, you should delete it.”
What should I do?
Change your passwords. Not just your Yahoo passwords but “if the password for your bank account or any other financial service is the same as your Yahoo password, you should change it immediately,” says Anna Mikhailova in The Times.
You should also check your credit report to make sure your identity hasn’t been stolen as a result of the data breach. Be on the look out for credit applications that you haven’t made.
How to protect yourself from future data breaches
In future try to have different passwords for all your different accounts. That way a data breach at one of your social media companies is less likely to cause problems with your finances.
It can be hard to remember loads of passwords, but one trick is to assign a different band to each of your password categories. So you may have The Beatles for banking, Queen for social media and the Rolling Stones for email.
Then you simply take a line of a Beatles song for each bank account take the first letter of each word and you have your password. For example, Yellow Submarine gives you a password of waliays – mix up the upper and lower case and exchange letters for numbers or symbols and you have a really strong password that is relatively easy to remember.
Yahoo confirms massive 'state-sponsored' hack
23 September
Tech giant Yahoo has confirmed that hackers stole the personal data of more than 500 million of its users in 2014. Yahoo is encouraging users to change their passwords as a result of the breach.
In is one of the largest data breaches in history, hackers took "names, passwords, email addresses, phone numbers and security questions", the company says, adding: "Stolen information did not include unprotected passwords, payment card data, or bank account information."
Three US intelligence officers told Reuters that "because of its resemblance to previous hacks traced to Russian intelligence agencies or hackers acting at their direction", the cyber attack was probably state-sponsored.
Yahoo said: "The ongoing investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network.
News of the breach "may jeopardise the $4.8bn [£3.67bn] sale of [its] core business to Verizon, announced in July", The Guardian says. The sale is set to be completed in the first quarter of 2017.
Verizon said the company was made aware of the breach "within the past two days", but has "limited information and understanding of the impact".
The attack puts added pressure on Yahoo chief executive Marissa Mayer, BBC North America technology reporter Dave Lee writes, who says many will ask "why is Marissa Mayer, a chief executive who has presided over bad deals and now the biggest breach in internet history, still in charge?".
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
Today's political cartoons - December 22, 2024
Cartoons Sunday's cartoons - the long and short of it, trigger finger, and more
By The Week US Published
-
5 hilariously spirited cartoons about the spirit of Christmas
Cartoons Artists take on excuses, pardons, and more
By The Week US Published
-
Inside the house of Assad
The Explainer Bashar al-Assad and his father, Hafez, ruled Syria for more than half a century but how did one family achieve and maintain power?
By The Week UK Published
-
How the FBI took down the world's largest zombie 'botnet'
Under the Radar The bot allegedly infected more than 19 million IP addresses across the world
By Justin Klawans, The Week US Published
-
How cybercriminals are hacking into the heart of the US economy
Speed Read Ransomware attacks have become a global epidemic, with more than $18.6bn paid in ransoms in 2020
By The Week Staff Last updated
-
Language-learning apps speak the right lingo for UK subscribers
Speed Read Locked-down Brits turn to online lessons as a new hobby and way to upskill
By Mike Starling Published
-
Brexit-hobbled Britain ‘still tech powerhouse of Europe’
Speed Read New research shows that UK start-ups have won more funding than France and Germany combined over past year
By Mike Starling Published
-
Playing Cupid during Covid: Tinder reveals Britain’s top chat-up lines of the year
Speed Read Prince Harry, Meghan Markle and Dominic Cummings among most talked-about celebs on the dating app
By Joe Evans Last updated
-
Brits sending one less email a day would cut carbon emissions by 16,000 tonnes
Speed Read UK research suggests unnecessary online chatter increases climate change
By Joe Evans Published
-
Reach for the Moon: Nokia and Nasa to build 4G lunar network
Speed Read Deal is part of the US space agency’s plan to establish human settlements on the lunar surface
By Mike Starling Last updated
-
iPhone 12 launch: what we learned from the Apple ‘Hi, Speed’ event
Speed Read Tech giant unveils new 5G smartphone line-up
By Mike Starling Last updated