Yahoo confirmed on September 22 that data “associated with at least 500 million user accounts” have been stolen in what may be one of the largest cybersecurity breaches ever.
The company said it believes a “state-sponsored actor” was behind the data breach, meaning an individual acting on behalf of a government. The breach is said to have occurred in late 2014.
“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.” said the company in a statement.
“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. “ The statement continued.
In line with this breach, Yahoo recommends users change passwords, security questions and answers for any other accounts on which they used the same or similar information as for their Yahoo account. They also suggest that users review their accounts for suspicious activity. Meanwhile, users should be cautious of any unsolicited communications that ask for their personal information or refer you to a web page asking for personal information and avoid clicking on links or downloading attachments from suspicious emails.
The company in 2012 was faced with a data breach that allowed a hacker group to download 453,000 unencrypted usernames and passwords. Last year, Yahoo launched a program to detect and notify users when it strongly suspects that a state-sponsored actor has targeted an account.
Back then, roughly 10,000 users had been notified.
If you’re worried about your own privacy and security, then a good VPN might help ease your mind.