Yahoo Hack Affects 500 Million Users in Largest Single-Company Data Compromise in History

Data breach announcements come and go with regularity these days. And password hacks happen so often we’ve become inured to the constant recommendations to “Change your password — and fast!”

But it’s hard not to be shocked by Yahoo’s revelation that half a billion computer users had their names, email addresses, telephone numbers, birth dates, encrypted passwords, and even security questions hacked in 2014. That’s 500 million accounts — far more people than live in the entire United States.

Yahoo just made the news public last week, after security experts rigorously analyzed claims that hackers were peddling stolen Yahoo data on the Internet’s underground black market. At first, the company couldn’t confirm that information, but as they dug deeper they discovered something more terrifying: the breach had been caused by an unspecified “state-sponsored actor.”

Anyone who’s had an account with Yahoo over the years — email, Internet search, Tumblr, Flickr, even fantasy football — will be more concerned about what comes next, however, than what happened two years ago. This has become the pattern in the data breach age: a company announces a hack that happened years ago, then rushes to alert users the way Yahoo did last week, warning them to change passwords and security questions, in addition to examining the login credentials of other accounts.

Is this bigger than other recent data breaches?

It is — Alex Holden of Hold Security told the New York Times that “the stolen Yahoo data is critical because it not only leads to a single system but to users’ connections to their banks, social media profiles, other financial services, and users’ friends and family. This is one of the biggest breaches of people’s privacy and very far-reaching.”

In its unusual timing and severity, the breach will most likely surpass other high-profile ones, including Target and Ashley Madison. The Ponemon Institute estimates that most hacks are identified in 191 days, or roughly 6 months, while the average time to contain them is 58 days after discovery. Yahoo is already past 24 months since the compromise occurred, which will most likely complicate recovery times and make potentially affected users shrug their shoulders at yet another monumental breach.

Here’s a striking figure, though: if the annual cost to remediate a data breach is $221 per stolen record, as the Ponemon Institute reported in July, extrapolating that out means Yahoo could be looking at an unprecedented cost of $110 trillion to fix the damage.

It can all begin to feel a bit like Groundhog Day, though. Another round of data breach revelations, change password. Another massive data hack, change password. 10 million people affected. 100 million people affected. 500 million people affected. And on, and on, and on. We know it’s easy to tune the news out. Wouldn’t it be nice to implement some standard security practices so that you don’t have to feel so threatened by this steady stream of security alerts and knee-jerk reactions?

That’s what CMIT specializes in. We know that data left unprotected is susceptible to cybercrime. We know that it takes varied passwords, unique login credentials, frequent password changes, a sturdy password management solution, password encryption where reasonable, and two-factor authentication to truly keep computer users safe. Companies like Yahoo only go so far to protect your personal information — but CMIT goes the extra mile.

What else can you do to keep your data safe?

1) If you’re a Yahoo user, assume your personal information was stolen.

Check your email to see if you received a notification from Yahoo — but remember that much smaller attacks and data thefts happen all the time. If you had a Yahoo account in 2014, chances are you’re one of the 500,000,000. And if you use a password similar to the one that was hacked for other email, social media, or online banking accounts, consider changing those passwords immediately.

2) Mix up your passwords, which is most effectively done with a password management solution.

You can manually change passwords for each financial, health care, social media, retail, and email account you use on a regular basis. Or you can employ a password management solution to handle frequent password changes and the creation of long, unique log-ins for you. Either way, don’t assume your old password is safe — especially if you use it across multiple portals.

3) Keep a vigilant watch on your inbox.

This recommendation goes two ways: first, if your Yahoo access information was stolen, you could see an uptick in phishing and social engineering attempts, which typically arrive via email from spoofed email addresses that look nearly identical to recognizable domain names (think gmaiil.com instead of gmail.com). And second, hackers unrelated to the Yahoo breach will still use the news as an impetus to send out further scam attempts disguised as Yahoo communications that ask you to “verify” personal information. Look out for slightly odd or unusual requests from email addresses that look frighteningly similar to those of people you know — and especially don’t click on web links or open attachments that you aren’t expecting from specific users.
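The lookalike-domain check described above can be automated. The following is an added example, not part of the original article, that flags sender domains sitting within a small edit distance of a trusted one; the trusted list, the sample headers and the function names are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains this mailbox legitimately receives mail from (constructed list).
TRUSTED = {"gmail.com", "yahoo.com", "example.com"}
# Character swaps often used to imitate a letter: 0 for o, 1 for l, rn for m, vv for w.
FOLD = str.maketrans({"0": "o", "1": "l"})

def fold(domain):
    """Collapse confusable characters so 'yaho0.com' compares equal to 'yahoo.com'."""
    return domain.translate(FOLD).replace("rn", "m").replace("vv", "w")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as one step."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # swapped neighbours
        prev2, prev = prev, cur
    return prev[len(b)]

def sender_domain(from_header):
    """Extract the lower-cased domain from a From header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def check_sender(from_header, trusted=TRUSTED, max_dist=2):
    """Return (verdict, imitated_domain); verdict is trusted, lookalike, unknown or unparseable."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        if fold(domain) == fold(good) or osa_distance(domain, good) <= max_dist:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    samples = ["Mom <mom@gmail.com>", "Friend <friend@gmaiil.com>",
               "Yahoo Security <alerts@yaho0.com>", "news@unrelated-shop.net"]
    for header in samples:
        print(f"{header!r:45} -> {check_sender(header)}")
```

Legitimate domains that sit close to a trusted one need to be added to the trusted set, otherwise they are reported as lookalikes.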

4) Use two-factor authentication!

Two-factor authentication requires you to enter something you know (like your password) and something you have (typically a unique code delivered to you via text message or email). While no security measure is entirely foolproof, using two-factor authentication not only makes a password breach statistically less likely but also can alert you to any suspicious activity related to your accounts with major providers like Google or Yahoo.

5) Employ proactive monitoring and maintenance solutions to watch over your systems, your data, and your employees.

If all of these steps sound difficult to implement, consider working with a team of IT security experts to protect your information. At CMIT Solutions, we keep a 24/7 eye on your computers, your networks, your incoming mail, and the things your staff members click on and open. That way, if an intrusion is attempted, we can spot it and suppress it before it wreaks havoc on your business.


Nervous about the prospect of your personal information being stolen in the Yahoo hack? Contact CMIT Solutions right away. We specialize in multi-layered security solutions that go the extra mile to keep you safe. Our extensive network of 160 North American offices and 800 technicians stays up to date with cybersecurity developments so that we can offer our clients the best protection in the industry. In short, we worry about your IT so you don’t have to.

