Security Alert: Yahoo Data Breach - 500 Million Users Affected
September 22, 2016
Description:
Yahoo has confirmed, based on a recent investigation, that a copy of certain user account information was stolen from their network in late 2014 by what we believe is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.
Who was affected?
Yahoo is notifying potentially affected users by email and posting additional information to Yahoo’s website. Additionally, Yahoo is asking potentially affected users to promptly change their passwords and adopt alternate means of account verification.
The UTRGV Information Security Office (ISO) highly recommends that any Yahoo user to promptly change their passwords, security questions, and answers.
What information was stolen?
The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.
I use Yahoo, what can I do?
Sign in to your Yahoo account and change your password, security questions and answers here: https://login.yahoo.com/config/login?.done=https%3A%2F%2Flogin.yahoo.com%2Faccount%2Fpersonalinfo
We encourage all of our users to follow these security recommendations:
- Change your password and security questions and answers for any other accounts on which you use the same or similar credentials as the ones used for your Yahoo Account.
- Review your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.
Additionally, please consider checking if you have an account that has been compromised in a data breach here:
References