Yahoo said it believes cyber attackers stole information from more than 1 billion users’ accounts in August 2013. The company fell victim to what is now being called the largest cyber attack in history. The previous record of largest attack is also held by Yahoo when almost 500 million users were affected three months ago. Yahoo said that it has not yet identified the intrusion linked to this theft.
Yahoo said stolen information includes names, email addresses, phone numbers, birth dates, and security questions and answers. Bank and payment card information was not affected.
The new cyber attack raises new questions about Verizon’s proposed $ 9.8 billion buyout of Yahoo, and whether the big cell phone company will try to change the terms of the offer. The telecom giant wants Yahoo and its users to help build a digital ad business.
In a statement, Verizon said it will assess the situation as Yahoo investigates and evaluates “new developments before reaching any definitive conclusions.” Spokesman Bob Varettoni declined to answer additional questions.
Yahoo, based in Sunnyvale, Calif., said on 14th December that it is asking the users to change their passwords and invalidate their security questions so they cannot be used to hack their accounts.
Our emails contain a lot of sensitive information. In our inbox we have data from bank accounts, online purchases and information of our contacts. The only thing keeping out attackers is the strength of our passwords.
We are all exposed to our password being violated. Cyber-attackers have cracking tools at their disposal and other tricks to gain access to our accounts. To increase security and protect access to email, leading email providers Outlook, Gmail and Yahoo have the option of two-step authentication, which prevents attackers from entering even when they have our password.
Two-step verification makes the login process a bit more difficult for attackers by adding another security layer to the username and the combination of keys (“What you know”). The second factor may be “something you have” (mobile device, smart card) or “something you are” (fingerprints and biometric data). Basically if the attacker tries to enter your account with your password from an unknown device or browser, the system requires a second verification. The attack cannot proceed unless he has your mobile device or fingerprints and therefore your email account remains much more secure.