Yahoo have confirmed that the personal information of 500 million users has been stolen and is now available for purchase on the dark web. The company has said the information was “stolen by what we believe is a state-sponsored actor” but did not say which country it held responsible.
In a statement from Yahoo, the company said “The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.”
The statement went on to say “Yahoo encourages users to review their online accounts for suspicious activity and to change their password and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account.”
The information stolen includes names, passwords, email addresses, phone numbers and security questions. It was also revealed that the hack actually took place in 2014 and has only now been made public.
The hack is being cited as the biggest cyber-breach in history. The top 10 previous breaches are:
- MySpace accounts – 359m
- LinkedIn accounts – 164m
- Adobe accounts – 152m
- Badoo accounts – 112m
- VK accounts – 93m
- Dropbox accounts – 68m
- Tumblr accounts – 65m
- iMesh accounts – 49m
- Fling accounts – 40m
- Last.fm accounts – 37m
As Yahoo have already advised, the first course of action is to change the password for your Yahoo account. It may be necessary to change your password on other online accounts as well, particularly if you use the same password for multiple accounts. If you need any guidance, you can check out our post on passwords.
It would also be advisable to monitor your financial accounts. Whilst bank details haven’t been compromised, hackers could potentially use the information that has been stolen to attempt to access financial accounts.
Finally – be cautious. The information that is now available to hackers is ideal for attempting a phishing attack. Never give personal information to anyone who calls you, and if you receive an email from someone you know asking for a sum of money to be transferred, call them or speak to them directly to confirm that the request is legitimate.