Categories: Media Moves

Coverage: Yahoo admits that 500 million accounts hacked

Yahoo said Thursday that a hack has resulted in personal information from 500 million accounts being stolen, which the company blamed on a foreign government.

Jeff John Roberts of Fortune magazine had the news:

The incident is a big deal, since so many have a Yahoo account of some type or other — for email or finance or fantasy sports and so on. The fallout will have major implications for consumers and Yahoo’s still on-going merger with Verizon. Here’s a plain English Q&A about what we currently know.

What did the hackers steal?

They obtained consumers’ names, email addresses, phone numbers, birthdates and “hashed passwords” (more on that below). In some cases they also stole security questions and answers that would let the hackers access the account.

Who are the hackers?

Yahoo would only describe them as a “state-sponsored actor.” In other words, a foreign country used its military or intelligence services to break into Yahoo’s systems. The most likely culprits, in order, are: China; Russia; North Korea.

Laura Hautala of CNET has advice on what do you if your account was hacked:

This might sound obvious, but if you’re like a lot of people, you might not use Yahoo Mail as your primary email account. Yahoo has 1 billion monthly active users on its services overall and just 225 million monthly active users for its Yahoo Mail service, according to figures the company gave CNET in June.

So check the email affiliated with your Yahoo account if you haven’t already. Yahoo has started sending out notifications to users, and you should be receiving one at that account if you were affected by the data breach.

Change your password

Yahoo is recommending that people who haven’t changed their password since 2014 do so now. The company says the passwords that hackers stole were encrypted — scrambled up with a tool called bcrypt. This kind of encryption can potentially be broken with enough persistence, said Brett McDowell, executive director of the FIDO Alliance, a nonprofit group that vets login systems.

Nicole Perlroth of the New York Times notes this is not Yahoo’s only problem:

The Yahoo hack also adds another miscue to what has been a troubled sale of a long-troubled company. In July, Verizon said it would acquire the internet pioneer, roughly a month before Yahoo security experts started looking into whether the site had been hacked. It is unclear what effect, if any, the breach will have on Yahoo’s sale price.

In a statement on Thursday, a Verizon spokesman, Bob Varettoni, said his company learned of the breach of Yahoo’s systems only two days ago and had “limited information and understanding of the impact.”

It is unclear whether security testing — such as a test to see if security experts could break into the Yahoo network — was performed as part of Verizon’s due diligence process before it agreed to the acquisition.

But such security is often overlooked by investors, even though breaches can result in stolen intellectual property, compromised user accounts and class-action lawsuits. To date, no law requires such security checks as part of due diligence.

Chris Roush

Chris Roush was the dean of the School of Communications at Quinnipiac University in Hamden, Connecticut. He was previously Walter E. Hussman Sr. Distinguished Professor in business journalism at UNC-Chapel Hill. He is a former business journalist for Bloomberg News, Businessweek, The Atlanta Journal-Constitution, The Tampa Tribune and the Sarasota Herald-Tribune. He is the author of the leading business reporting textbook "Show me the Money: Writing Business and Economics Stories for Mass Communication" and "Thinking Things Over," a biography of former Wall Street Journal editor Vermont Royster.

Recent Posts

LinkedIn finance editor Singh departs

Manas Pratap Singh, finance editor for LinkedIn News Europe, has left for a new opportunity…

1 day ago

Washington Post announces start of third newsroom

Washington Post executive editor Matt Murray sent out the following on Friday: Dear All, Over the last…

2 days ago

FT hires Moens to cover competition and tech in Brussels

The Financial Times has hired Barbara Moens to cover competition and tech in Brussels. She will start…

2 days ago

Deputy tech editor Haselton departs CNBC for The Verge

CNBC.com deputy technology editor Todd Haselton is leaving the news organization for a job at The Verge.…

2 days ago

“Power Lunch” co-anchor Tyler Mathisen is leaving CNBC

Note from CNBC Business News senior vice president Dan Colarusso: After more than 27 years…

2 days ago

Upset CoinDesk staffers send letter to owner

Members of the CoinDesk editorial team have sent a letter to the CEO of its…

2 days ago