Last August, reports that a notorious hacker has managed to obtain some 200 million user credentials from Yahoo’s servers came out. The company did not confirm the legitimacy of the data but acknowledged that it is aware of the hacker?s claims. Yesterday, Sept. 22, Yahoo finally admitted that it has been a victim of a cyber attack.
It also seems that the problem is even bigger than earlier reports. Yahoo has confirmed that more than 500 million accounts were compromised after the attack. This is more than twice the original number of earlier reports.
READ ALSO:?New Opera Browser Out, Features In-Built VPN
According to Yahoo, more than 500 million user information were exposed through the ?state-sponsored? attack. It also confirmed that it is working closely with the authorities and that initial investigation confirmed that the attacker is no longer on Yahoo?s network.
In a statement released by the Yahoo, it said:
“We have confirmed, based on a recent investigation, that a copy of certain user account information was stolen from our network in late 2014 by what we believe is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.?
Yahoo also clarified in the statement that no form of sensitive data were compromised. It said that payment card data, unprotected passwords, and bank account information were all safe as they were kept on a separate network.
The company has started notifying its users and urged them to update their passwords. It also asked other users that were not affected by the breach to update their passwords through Yahoo?s new authentication tool.
In addition to updating users? passwords, the company also alerts its users to beware of online phising. Phising is an act of defrauding and online account by posing as legitimate company. The most common phising technique is through malicious emails purporting to help users in reseting their passwords. However, instead of doing so, users are then redirected to malicious websites that aim to extract a user?s personal information.
For more tech related news, be sure to check us out at TheBitBag.