Yahoo has announced that the account information of at least 500 million of its users was stolen by hackers two years ago, describing the stolen data as “critical.” The attack is now being considered as the biggest act of hacking of a company’s computer network.
In a statement, Yahoo said user information including names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions was compromised in 2014 by what the company believed to be state-sponsored cyber-attack.
Experts in the Information and Communication Technology, ICT, industry remain baffled at why it took two years before the hack could be detected.
Yahoo remains one of the internet’s busiest sites with one billion monthly users, and recently one of America’s largest companies, Verizon Communications, began a process of acquiring it for $4.8 billion
It’s mail services, Yahoo Mail, is one of the oldest free email services, and many users have built their digital identities around it, from their bank accounts to photo albums and even medical information.
The company is advising owners of a Yahoo accounts to change their passwords and also ensure that passwords used on those sites aren’t too similar to what they were using on Yahoo.
Yahoo also said it was working with law enforcement in their investigation and encouraged people to change up the security on other online accounts and monitor those accounts for suspicious activity as well.
It stated: “The stolen Yahoo data is critical because it not only leads to a single system but to users’ connections to their banks, social media profiles, other financial services and users’ friends and family,”
“This is one of the biggest breaches of people’s privacy and very far-reaching.”
Yahoo said it learned of the data breach this summer after hackers posted to underground forums and online marketplaces what they claimed was stolen Yahoo data.
But what they eventually found was worse: a breach by what they believe was a state.
Two years is an unusually long time to identify a hacking incident.
According to experts it takes organizations to identify such an attack in 191 days, and the average time to contain a breach is 58 days after discovery.
