MANILA, Philippines – Yahoo confirmed that at least 500 million user accounts were stolen in a data breach that occurred in 2014. The company's chief information security officer (CISO), Bob Lord, made the announcement through a Tumblr post on Thursday, September 22, US time.
In Lord's post, titled, "An Important Message About Yahoo User Security," he detailed what types of information may have been stolen:
"The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected."
The data breach is said to be the largest from a single site, CNBC mentioned. Other massive data breaches include:
In the Philippines, the Commission on Elections (Comelec) database was hacked in late March, putting the data of 55 million Filipino voters at risk.
In line with the confirmation of the data breach, Yahoo encouraged its users to perform the following things:
Sumit Bansal, cybersecurity firm Sophos' ASEAN and Korea sales director, emphasized the need to secure your data after such a breach. “Cyber criminals are very proficient at using such data – profile, password, date of birth, or security question data – to commit broader fraud, so the ramifications of such a breach can extend well beyond e-mail,” he said.
The fact that some people use the same password for multiple accounts makes it even more urgent for people to be aware of such data breaches, Bansal suggested. Data leaked from one site, say Yahoo, could potentially be used to access accounts on other sites. – Rappler.com