Dive Brief:
- Yahoo disclosed Thursday a mass data breach in late 2014, which compromised at least 500 million user accounts. The company believes a "state-sponsored actor" conducted the attack and said it is working with law enforcement to investigate the incident.
- The compromised information includes names, email addresses, telephone numbers, dates of birth and hashed passwords, the company said. In some instances, encrypted and unencrypted security questions and answers were also compromised.
- Yahoo said that payment card data and bank account information were not affected, as the information was not stored in the same system.
Dive Insight:
Considering the scrutiny the company has faced as its finances have dwindled — and with Verizon's acquisition underway — this is the last incident the company needs.
As Yahoo's CISO Bob Lord explained in the announcement, as communities have become more and more connected, threats have become smarter and "industry, government and users are constantly in the crosshairs of adversaries."
Though the company believes that the attackers did not remain in its networks for long, fallout from this breach is sure to continue. The company is working to notify those who are potentially affected, prompting them to change their passwords and set up different ways of verifying their accounts. But as with past breaches, once login credentials are exposed, malicious actors can use them to access a variety of sites. Password and credential reuse across sites has gotten several high-profile individuals hacked, including Facebook's CEO Mark Zuckerberg in June.
For companies, this is yet another opportunity to ensure that users are employing best practices in password hygiene by avoiding repetition across platforms. That can help make certain that employee behavior is not causing another company breach, as was the case with TeamViewer, a service that allows users to remotely log into computers. When the company found that a number of its accounts had been compromised, it pointed the blame toward breaches on LinkedIn, MySpace, and other networks.