Yahoo is the latest company to be embroiled in what is thought to be one of the largest cybersecurity breaches ever.
As data becomes more precious, especially to brands and publishers who are constantly trying to sift through the information to find pertinent monetisation strategies and more personalised user advertising, data security and privacy fears are already at an all time high.
Which is why a recent investigation by Yahoo, which confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by a “state-sponsored actor”, is nothing short of a PR nightmare.
It is becoming harder for brands and publishers to stay ahead of the ever-evolving online threats.
Based on the ongoing investigation, Yahoo say it believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is ‘currently’ in Yahoo’s network.
It’s working closely with law enforcement on this matter and the account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.
“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected,” a Yahoo spokesperson says.
It says it is notifying potentially affected users and is asking those who may be affected to change their passwords and adopt alternate means of account verification.
It recommends that all users who haven’t changed their passwords since 2014 to do this immediately and consider using Yahoo Account Key – an authentication tool that eliminates the need to use a password altogether.
“An increasingly connected world has come with increasingly sophisticated threats. Industry, government and users are constantly in the crosshairs of adversaries,” a Yahoo spokesperson says.
“Through strategic proactive detection initiatives and active response to unauthorised access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure.”
Have something to say on this? Share your views in the comments section below. Or if you have a news story or tip-off, drop us a line at email@example.com