Yahoo! announced that all three billion of its user accounts were compromised in a 2013 data breach. This new number easily dwarfs an earlier figure of one billion exposed accounts. Yahoo! has already sent notifications to the additional user accounts that were affected.
An investigation revealed that all Yahoo! user accounts existing at the time of the 2013 breach were affected. The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.
Similar to Yahoo!’s preceding statements regarding the data breach, the investigation maintains that the user account information that was stolen excluded passwords in clear text, payment card data, or bank account information. Experts, however, suspect the security of the aforementioned data because they believe it was only protected with outdated and easy-to-crack encryption.
After disclosing the increased number of affected accounts, Chandra McMahon, Chief Information Security Officer of Verizon, assured users that “Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats.”
Many data breach incidents highlight the need for strict and effective policies on data management and protection. User information that may include PII is a natural target for cybercriminals because it can be abused in a number of ways. Companies who store user data like Yahoo! should implement strict security policies since the data they collect has become valuable targets for hackers.
Meanwhile, users could prevent their data from being stolen by paying attention to their online security habits, especially when it comes to their online credentials. Just to be sure, users should visit Yahoo!’s Safety Center page for tips on how to secure accounts. They could also follow these best practices to mitigate potential damage caused by a data breach:
- Regularly change your passwords. This is an easy solution that can reduce the risks caused by a data breach. It is also highly recommended to use a password manager to be able to regularly change passwords without the trouble of having to remember them.
- Use two-factor authentication (2FA). A two-step verification adds an extra layer of security to user accounts. Using 2FA could prevent an attacker from accessing information even if account credentials are compromised.
Original story at Trend Micro