Yahoo Describes Hacking Of 500 Million Accounts As “Critical”


Yahoo has announced that the account information of at least 500 million of its users was stolen by hackers two years ago, describing the stolen data as “critical.” The attack is now being considered as the biggest act of hacking of a company’s computer network.

In a statement, Yahoo said user information  including names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions was compromised in 2014 by what the company believed to be state-sponsored cyber-attack.

Experts in the Information and Communication Technology, ICT, industry remain baffled at why it took two years before the hack could be detected.

Yahoo remains one of the internet’s busiest sites with one billion monthly users, and recently one of America’s largest companies, Verizon Communications, began a process of acquiring it for $4.8 billion

It’s mail services, Yahoo Mail, is one of the oldest free email services, and many users have built their digital identities around it, from their bank accounts to photo albums and even medical information.

The company is advising owners of a Yahoo accounts to change their passwords and also ensure that passwords used on those sites aren’t too similar to what they were using on Yahoo.

Yahoo also said it was working with law enforcement in their investigation and encouraged people to change up the security on other online accounts and monitor those accounts for suspicious activity as well.

It stated: “The stolen Yahoo data is critical because it not only leads to a single system but to users’ connections to their banks, social media profiles, other financial services and users’ friends and family,”

“This is one of the biggest breaches of people’s privacy and very far-reaching.”



    Yahoo said it learned of the data breach this summer after hackers posted to underground forums and online marketplaces what they claimed was stolen Yahoo data.

    But what they eventually found was worse: a breach by what they believe was a state.

    Two years is an unusually long time to identify a hacking incident.

    According to experts it takes organizations to identify such an attack in 191 days, and the average time to contain a breach is 58 days after discovery.

    Join the ICIR WhatsApp channel for in-depth reports on the economy, politics and governance, and investigative reports.

    Support the ICIR

    We invite you to support us to continue the work we do.

    Your support will strengthen journalism in Nigeria and help sustain our democracy.

    If you or someone you know has a lead, tip or personal experience about this report, our WhatsApp line is open and confidential for a conversation



    Please enter your comment!
    Please enter your name here

    Support the ICIR

    We need your support to produce excellent journalism at all times.

    - Advertisement


    - Advertisement