Home » Science & Technology » Remember your Yahoo password? Change it now as the company's been hacked

Remember your Yahoo password? Change it now as the company's been hacked

Sahil Bhalla | Updated on: 10 February 2017, 1:47 IST

Previously thought to be 200m, the data breach at Yahoo has skyrocketed to 500m accounts. On Thursday, the California-based company confirmed the news that hackers back in 2014 had stolen personal data that included names, passwords, email addresses, birth dates, phone numbers and security questions from the Yahoo database. This made many baffled users ask, "What is my Yahoo password?"

At the moment, the company is cooperating with with law enforcement. In some good news, the company believes that credit card or bank details were not included in the stolen data. This is officially Yahoo's worst nightmare. The worst hack to ever hit them. In fact, they have been

given the distinction of this being the largest breach on record.

Yahoo has called the hackers a "state-sponsored actor". They couldn't identify which country they were associated with. If one hasn't changed their passwords since 2014, then the company urges you to do so at the earliest. For all their internet services, Yahoo has 1 billion monthly active users. It's mail service accounts for 225 million of those active users, CNET confirmed.

Back in August, Yahoo were investigating for an alleged breach after Vice's Motherboard blog reported that cybercriminal "Peace" claimed to be offering 200 million Yahoo credentials for sale. The sale was advertised on the 'dark web' - something that can be accessed only using Tor - but that was found to be inaccurate. In an interview with /Wired/ magazine, Peace identified himself or herself as a former member of a team of Russian hackers. These hackers had breached and sold credentials from several major online services between 2012 and 2013.

Peace went on further to say that these hacks were primarily being used 'for spamming'.

Yahoo learnt about this breach back in July, the same month it agreed to sell its service to Verizon Communications.

Will this affect the sale to Verizon?

Verizon is paying Yahoo $4.83 billion for Yahoo and it was notified about the breach about two days ago, and yet they weren't informed in full.

"We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact," Verizon said in a company statement. "We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities. Until then, we are not in position to further comment."

One can look at Microsoft's acquisition of LinkedIn for clues as to whether such a breach can derail a deal or not. Microsoft acquired LinkedIn back in June of this year for $26.2 billion. This came barely a month after the social network revealed that 167 million of its accounts

had been hacked. The deal was not at all in jeopardy. What had been hit instead, was the reputation of the company.

During merger agreements, buyers are left with some provisions of withdrawing from the deal, if the 'value' has been hit by anything significant. In the Verizon-Yahoo deal, this change, according to the Wall Street Journal, is one that would "reasonably be expected to have a

material adverse effect on the business, assets, properties, results of operation or financial condition of the Business, taken as a whole". In the agreement, Yahoo had promised that "no security breaches had taken place and that no breaches would have occurred by the deal's closing, which is expected in the first quarter of 2017". This highly rare breach happened two years ago.

It isn't uncommon for these breaches to go unreported. LinkedIn's breach happened in 2012. Myspace notified users of a 2013 breach this May.

One person rather perturbed with this news was US Senator Mark Warner. Warner is someone who worked in the technology industry and called the breach 'huge'.

"While its scale puts it among the largest on record, I am perhaps most troubled by news that this breach occurred in 2014, and yet the public is only learning details of it today," he said. Warner also urged Congress to create a data breach notification standard. This, he said, was to ensure consumers find out sooner if their data has been compromised. In other words, to ensure transparency.

Let this be a lesson to one and all. Move on from Yahoo Mail. Advise your parents to as well.

First published: 24 September 2016, 1:56 IST