'State-Sponsored' Yahoo Email Hack Could Be the Biggest of All Time

An astonishing number of accounts were compromised.
(Image: Pixabay)

If you've opened a Yahoo email account any time in the last decade, you might want to sign in and change your password, if possible. On Thursday, Yahoo disclosed that the company had been targeted in one of the largest hacks in the history of the web.

CNN Money reported that Yahoo confirmed data associated with an astonishing 500 million user accounts had been stolen by a "state-sponsored" hacking effort. Basically, some unknown nation's government was behind the hack. 

In a statement, Yahoo CISO Bob Lord wrote that the breach "may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers."

The flagging internet giant is making an effort to inform affected users and asks that anyone who even thinks they might be affected do the following:

  • Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
  • Review your accounts for suspicious activity.
  • Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
  • Avoid clicking on links or downloading attachments from suspicious emails.

This comes at a tough time for Yahoo, which sold much of itself to Verizon for more than $4 billion in July 2016. However, the breach could create an untold number of headaches for users who reused data like passwords and security questions for more than one account.

Yahoo stated that it is "working closely with law enforcement" to get to the bottom of the hack. 

In the meantime, it's probably time to just go ahead and change as many passwords as you can think of. A half-billion compromised email accounts is a pretty good argument for doing so.

h/t CNN Money, Re/Code