In 2014, according to the latest revelation by Yahoo, hackers stole data of around 500 million users from Yahoo’s servers. It is being deemed as one of the biggest hacking events in a company’s computer network.
User information like names, email addresses, telephone numbers, birth dates, encrypted passwords and security questions were stolen. Interestingly, Yahoo says that it was a “state-sponsored” actor who was responsible for stealing 500 million users’ data from Yahoo, although the already-embattered company didn’t reveal exactly which country was involved.
Despite its various problems, Yahoo is still one of the Internet’s busiest websites with 1 billion monthly users. Verizon Communications is in the process of acquiring Yahoo for $ 4.8 billion.
This hacking is crucial because Yahoo runs one of the oldest email services on the web and despite Gmail and other services, when it comes to the number of people using free email, Yahoo is still one of the leading free email service providers.
Before we proceed, if you are actively using a Yahoo email ID, now that you know that 500 million users’ data was stolen from Yahoo, perhaps this is good time to update your password and security questions, just in case.
A weird thing is that this hacking took place two years ago and it is coming to light now. The news about data of 500 million Yahoo users being stolen started surfacing this June when a Russian hacker going by the name of Tessa88 started talking about having a big chunk of stolen Yahoo data, in one of the underground web forums. She also provided a sample of the stolen data to prove that she wasn’t bluffing. Up till then it wasn’t clear that the data actually belonged to Yahoo users or some third-party service associated with Yahoo. Also wasn’t clear was whether the stolen Yahoo data belonged to the previous 2012 heist when user data of 450,000 Yahoo users was stolen, or the recent 2014 one.
In August, another hacker by the alias of Peace of Mind began to offer a large chunk of stolen Yahoo credentials including email IDs, usernames and passwords, ZIP Codes and dates of birth.
Even then Yahoo wasn’t sure whether the data came from its servers or somewhere else. But the company started looking into the data anyway and it was then that it was discovered that the company’s systems had been hacked in 2014. So it isn’t as if Yahoo was aware of the hacking incident – the company itself came to know about it while investigating some other data.
This is a disturbing news that Yahoo didn’t even know that its systems had been hacked. A company that tracks data breaches, says that normally organisations on an average can detect hacking incidents in 191 days. The current hacking of 500 million users could invite a slew of class-action lawsuits against Yahoo.