US media company Yahoo has announced this morning that they have been affected by a security breach which has potentially exposed half a billion users to security risks.
The breach was actually announced back in 2014, but the extent and details of the breach have only been made public today in an announcement on the company’s Tumblr blog.
The breach is believed to be a state sponsored attack which garnered a lot of information which the company says may have included ‘names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers’. The breach did not include unprotected passwords, credit card, or bank information.
The attack also doesn’t seem to have affected anything with Yahoo finding ‘no evidence that the state-sponsored actor is currently in Yahoo’s network’.
The breach is still serious however with Yahoo recommending a broad course of action for anyone with a Yahoo account:
- Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
- Review your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.
Yahoo currently has a number of apps available on Google Play, including apps produced for Channel 7 in Australia.
Any account you use should of course be using a randomly generated password from a password safe LastPass, 1Password, Enpass, Keepass – pick your poison, but at least use one.