Categories: Media Moves

Coverage: Yahoo admits that 500 million accounts hacked

Yahoo said Thursday that a hack has resulted in personal information from 500 million accounts being stolen, which the company blamed on a foreign government.

Jeff John Roberts of Fortune magazine had the news:

The incident is a big deal, since so many have a Yahoo account of some type or other — for email or finance or fantasy sports and so on. The fallout will have major implications for consumers and Yahoo’s still on-going merger with Verizon. Here’s a plain English Q&A about what we currently know.

What did the hackers steal?

They obtained consumers’ names, email addresses, phone numbers, birthdates and “hashed passwords” (more on that below). In some cases they also stole security questions and answers that would let the hackers access the account.

Who are the hackers?

Yahoo would only describe them as a “state-sponsored actor.” In other words, a foreign country used its military or intelligence services to break into Yahoo’s systems. The most likely culprits, in order, are: China; Russia; North Korea.

Laura Hautala of CNET has advice on what do you if your account was hacked:

This might sound obvious, but if you’re like a lot of people, you might not use Yahoo Mail as your primary email account. Yahoo has 1 billion monthly active users on its services overall and just 225 million monthly active users for its Yahoo Mail service, according to figures the company gave CNET in June.

So check the email affiliated with your Yahoo account if you haven’t already. Yahoo has started sending out notifications to users, and you should be receiving one at that account if you were affected by the data breach.

Change your password

Yahoo is recommending that people who haven’t changed their password since 2014 do so now. The company says the passwords that hackers stole were encrypted — scrambled up with a tool called bcrypt. This kind of encryption can potentially be broken with enough persistence, said Brett McDowell, executive director of the FIDO Alliance, a nonprofit group that vets login systems.

Nicole Perlroth of the New York Times notes this is not Yahoo’s only problem:

The Yahoo hack also adds another miscue to what has been a troubled sale of a long-troubled company. In July, Verizon said it would acquire the internet pioneer, roughly a month before Yahoo security experts started looking into whether the site had been hacked. It is unclear what effect, if any, the breach will have on Yahoo’s sale price.

In a statement on Thursday, a Verizon spokesman, Bob Varettoni, said his company learned of the breach of Yahoo’s systems only two days ago and had “limited information and understanding of the impact.”

It is unclear whether security testing — such as a test to see if security experts could break into the Yahoo network — was performed as part of Verizon’s due diligence process before it agreed to the acquisition.

But such security is often overlooked by investors, even though breaches can result in stolen intellectual property, compromised user accounts and class-action lawsuits. To date, no law requires such security checks as part of due diligence.

Chris Roush

Chris Roush was the dean of the School of Communications at Quinnipiac University in Hamden, Connecticut. He was previously Walter E. Hussman Sr. Distinguished Professor in business journalism at UNC-Chapel Hill. He is a former business journalist for Bloomberg News, Businessweek, The Atlanta Journal-Constitution, The Tampa Tribune and the Sarasota Herald-Tribune. He is the author of the leading business reporting textbook "Show me the Money: Writing Business and Economics Stories for Mass Communication" and "Thinking Things Over," a biography of former Wall Street Journal editor Vermont Royster.

Recent Posts

FT taps Foy to cover European banking

Financial Times reporter Simon Foy is now covering European banks. He has been covering accounting for the…

54 seconds ago

Debtwire seeks a private credit reporter

Debtwire, the leading provider of global fixed income news, analysis and data for more than…

3 hours ago

BNN Bloomberg anchor Kanwar is departing

Amber Kanwar, an anchor for BNN Bloomberg in Canada, is departing at the end of…

3 hours ago

Moody’s promotes Kantrow to editor in chief

Moody's Ratings has promoted Yvette Kantrow to senior vice president and editor in chief. She has been…

3 hours ago

Politico reporter Fieseler departs

Politico reporter Clare Fieseler is leaving the news organization to take on some ocean reporting projects. She…

3 hours ago

WSJ’s Eisen to write book about the mortgage market

Wall Street Journal reporter Ben Eisen has signed a contract with Norton to write a book about…

5 hours ago