On September 22, Yahoo announced that 500 million users’ email accounts had been hacked in 2014. The stolen information, according to Hacked.com, includes:
- Email addresses
- Telephone numbers
- Dates of birth
- Hashed passwords (which is a way of taking a variable-length password and creating a cryptic, fixed-length password from it)
- Encrypted or unencrypted security questions and answers
Rumors about the hack had surfaced in August, but it wasn’t until September that the company “admitted” to the security breach by what it believed to be a “state-sponsored actor,” which essentially implies culpability from a government who is financially supporting a third party engaged in non-violent cyberterrorism.
However, many are skeptical about Yahoo’s “state-sponsored” claims with one expert telling Computerworld that “This just doesn’t reek of nation-state activity. Nation-states are after intellectual property. They don’t give a damn about emails and passwords from a Yahoo account.”
On the other hand, though, a possible hypothesis could be that a “government might have been interested in targeting the email accounts of human rights activists.”
It seems that hypotheses is pretty much all the public has right now as Yahoo has been tightlipped about what, specifically, it knows about the hack and the hackers. For now, Yahoo is eschewing transparency; it has yet to provide evidence supporting its theory.
This week, Senator Mark Warner (D-VA) asked the U.S. Securities and Exchange Commission to “investigate whether Yahoo and its senior executives fulfilled obligations to inform investors and the public about a hacking attack affecting 500 million user accounts.” Furthermore, Warner wants the SEC to find out if Yahoo has been accurately representing the nature of the security breach. In a letter to SEC Chairwoman Mary Jo White, Warner said,“Disclosure is the foundation of federal securities laws, and public companies are required to disclose material events that shareholders should know about.”
Although the hacking incident happened in 2014, consumers might still want to take a few safety precautions, say the experts at Hacked.com. What precautions, you ask? First, change your password. Also, turn on Yahoo’s two-step verification process and/or take advantage of Yahoo’s account key. Then, as always, be vigilant about watching out for fraudulent activity on your credit cards or bank statements.
Domenica Cresap is an Illinois-based expert in information technology whose career has spanned many years. Currently, Domenica serves as the Senior Client Director at Gartner, one of the country’s largest research and advisory firms providing information technology related insight.