Yahoo confirms breach that compromised 500M users

Upon logging into a Yahoo account, this message pops up urging users to update their passwords and possibly add another recovery email and phone number. Screengrabbed from Yahoo

Cyberattacks these days are increasing in frequency and potency leading to even more cybercrime victims. Even old network breaches can come back to haunt us as is the case with Yahoo.

The company has confirmed in a recent press release that over 500 million user accounts were stolen during a late 2014 network breach. Yahoo states, “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.”

Ongoing investigations also suggest that unprotected passwords, payment card data, or bank information were not included in the stolen information.

In short, users who have not updated their password since 2014 should immediately update it. Yahoo is also asking users to consider utilizing the Yahoo Account Key to add another layer of protection for their account. It’s a simple authentication tool that takes away the need for inputting passwords.

Yahoo is offering a tutorial for setting up an Account Key through this link. It can be done through a web browser as well as an Android and iOS app.

The full press release from Yahoo can be found here.