Jeff John Roberts of Fortune magazine had the news:
The incident is a big deal, since so many have a Yahoo account of some type or other — for email or finance or fantasy sports and so on. The fallout will have major implications for consumers and Yahoo’s still on-going merger with Verizon. Here’s a plain English Q&A about what we currently know.
What did the hackers steal?
They obtained consumers’ names, email addresses, phone numbers, birthdates and “hashed passwords” (more on that below). In some cases they also stole security questions and answers that would let the hackers access the account.
Who are the hackers?
Yahoo would only describe them as a “state-sponsored actor.” In other words, a foreign country used its military or intelligence services to break into Yahoo’s systems. The most likely culprits, in order, are: China; Russia; North Korea.
Laura Hautala of CNET has advice on what do you if your account was hacked:
This might sound obvious, but if you’re like a lot of people, you might not use Yahoo Mail as your primary email account. Yahoo has 1 billion monthly active users on its services overall and just 225 million monthly active users for its Yahoo Mail service, according to figures the company gave CNET in June.
So check the email affiliated with your Yahoo account if you haven’t already. Yahoo has started sending out notifications to users, and you should be receiving one at that account if you were affected by the data breach.
Change your password
Yahoo is recommending that people who haven’t changed their password since 2014 do so now. The company says the passwords that hackers stole were encrypted — scrambled up with a tool called bcrypt. This kind of encryption can potentially be broken with enough persistence, said Brett McDowell, executive director of the FIDO Alliance, a nonprofit group that vets login systems.
Nicole Perlroth of the New York Times notes this is not Yahoo’s only problem:
The Yahoo hack also adds another miscue to what has been a troubled sale of a long-troubled company. In July, Verizon said it would acquire the internet pioneer, roughly a month before Yahoo security experts started looking into whether the site had been hacked. It is unclear what effect, if any, the breach will have on Yahoo’s sale price.
In a statement on Thursday, a Verizon spokesman, Bob Varettoni, said his company learned of the breach of Yahoo’s systems only two days ago and had “limited information and understanding of the impact.”
It is unclear whether security testing — such as a test to see if security experts could break into the Yahoo network — was performed as part of Verizon’s due diligence process before it agreed to the acquisition.
But such security is often overlooked by investors, even though breaches can result in stolen intellectual property, compromised user accounts and class-action lawsuits. To date, no law requires such security checks as part of due diligence.
Matt Clinch has been hired by Bloomberg News as an editor on the EMEA equities team…
Business Insider CEO Barbara Peng sent out the following on Friday: The first two years of our…
Dow Jones' premium professional platform WSJ Pro Venture Capital is looking for a competitive and…
6AM City is launching a weekly business newsletter publication, the BizBrief, next month, The newsletter…
Dow Jones' premium platform WSJ Pro is seeking a reporter to cover financial distress, debt…
Bloomberg News is seeking a collaborative and experienced journalist to serve as an editor in…