Yahoo has had 500 million accounts exposed in what is believed to be the world’s biggest data breach. It couldn’t have come at a worse time for the company, who are in the process of being bought by Verizon in a $5 billion deal. The consequences may be severe for Yahoo, but what does it mean for you?

Find out what really happened, how you can find out if you've been affected and what you should do in the event of an attack: 

First of all, what happened?

The breach is thought to have taken place in late 2014 by a “state-sponsored actor” – in other words, a foreign government. It’s the second time this year that a Yahoo hack has hit the news, but the two incidents aren’t thought to be related. The stolen information includes names, email addresses, encrypted passwords, phone numbers, birth dates and security question answers.

Does that mean I’ve been hacked?

Not necessarily. Fortunately, Yahoo encrypts their user’s password using ‘hashing’, which makes them much harder to crack. This means that even if the hackers have obtained your details, they may not be able to use them. However, too many people still use common and easily guessable passwords which even the best cryptology can’t protect.

So how will I know if I’ve been affected?

Yahoo have stated that they will be contacting all affected users, but with so many users having moved onto another platform (i.e. Hotmail or Google), it’s likely that many victims will never get the memo. It’s best to be proactive and take action now to protect your accounts, even if you’re not sure.

And what should I do if I think I have been hacked?

Yahoo have recommended all its users – whether active or not – change their passwords if they’ve not done so since 2014. Make sure you also change any sites or accounts that use the same passwords. 

Yahoo have advised watching for any suspicious activity on your email and bank accounts. “Avoid clicking on links or downloading attachments from suspicious emails,” Yahoo said in a post on their Tumblr page. “Be cautious of any unsolicited communications that ask for personal information or refer to you to a web page asking for personal information.

Wayne Barber
Wayne Barber
Managing Director, Oosha
security hex image

“Yahoo have recommended all its users – whether active or not – change their passwords if they’ve not done so since 2014.”

 
RELATED ARTICLES

Gig economy law firms – a threat to traditional legal servic...

In legal circles, much of the debate around the so-called “gig economy”, has focused on the legalities surrounding it - with high profile cases involving Uber and Deliveroo dominating press coverage.   "The gig...

How law firms can get the most out of their IT

With an incredible 713% growth in legal tech investment in 2018, technology is clearly something that firms are confident can bring huge benefits to efficiency, profits and client satisfaction. Tech is playing ...

Is Windows Virtual Desktop a game-changer for law firms?

VDI (Virtual Desktop Infrastructure) is a fully formed Windows 10 desktop delivered directly to an end user via the cloud. To date, it has been a popular use of the cloud amongst legal firms. And it’s no surpri...

blog-subscribe-bg

Like what you see?

Join our mailing list to receive the latest insights on legal and accounting technology