Biggest Data Breach – Yahoo
Are you using any services from yahoo which requires login using yahoo account credentials?
I mean, are you using any of the services from yahoo like yahoo mail, Flicker or any other services which requires you to login with yahoo user ID and password then the strong recommendation is to change your password as soon as possible and to be in safer side. The reason is, recently yahoo published their latest security update notice publicly stating there has been data breach issue occurred in year 2013 which has been investigated by yahoo and its forensic investigator partners. They have confirmed as nearly more than 1 billion user accounts information is stolen by unauthorized third party in Aug 2013. Yahoo has not been able to identify the intrusion associated yet with this theft.
The company had taken some important measures to strengthen their security and to avoid this kind of issues in future. For potential affected users, they are notifying about this issue along with recommendations on what end users can do from their side to protect their yahoo accounts.
You can check more details on this issue from yahoo security update bulletin.
NOTICE OF DATA BREACH -Yahoo
What Data Breach happened at yahoo?
Now let us discuss about account information which was stolen by unauthorized third party in Aug 2013 and same has been mentioned above,
The account information which we are referring here is- Names of user, Email address, Telephone numbers, Dates of Birth, hashed passwords (These are nothing but encrypted strings stored in databases using MD5) and in some cases encrypted or unencrypted security questions and answers or blank account information.
Recommendations for Yahoo users :-
Yahoo already invalidated the unencrypted security questions and answers so that they cannot be used to access an account. They also invalidated the forged cookies and hardened their systems to secure them against similar attacks.
What yahoo recommends for their customers or yahoo users (This also needs to be considered as best practices)
- Yahoo recommends their users to change their account passwords and security questions/answers. This applies to any yahoo account and not specific to any particular service (Eg: Yahoo mail)
- Review all your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a webpage asking for personal info.
- Avoid clicking on links or downloading attachment from suspicious emails.
For more recommendations and Best practices for creating strong passwords you can refer the article published and linked under following url.
For some more recommendations on securing your data, please refer the article published and linked under following URL