While Yahoo was in the stages of being bought out by Verizon in the last week, information broke to the public that the company was hacked 2 years ago in possibly the largest breach in history. The breach has exposed at least 500 million accounts' names, email addresses, phone numbers and dates of birth. In some cases, security questions and answers too. Verizon was only given limited information on this hack until 2 days ago and the company was unaware of the impact of data theft this large.
Yahoo is encouraging all users to change their passwords but the public seems a little enraged that they are just now informing customers, 2 years later. Yahoo hasn’t released a statement on how or why the hack is just now being noticed but it’s looking like the company might have known and just chose not to release that information until the public sale to Verizon made that public. Thats a long time for someones personal information to remain out there vulnerable to malicious hackers without your knowledge.
A former IT officer at Yahoo said that “Due to Yahoo’s size, they often have to rely on homegrown technology solutions because historically there has been limited products on the market that can scale to meet the demands of their system. It could be that this issue created gaps in their security program because they’re unable to use cutting-edge security products designed to thwart modern threats that most everyone else can,” he added. Basically, there is a lot of surface space in all of Yahoo’s intricate network that can be hacked because it is hardly possible to effectively protect that 100%.
We have been hearing a lot about ‘state-sponsored’ actors, and thats exactly who Yahoo is saying is behind this breach. Yahoo could be blowing smoke by blaming these attacks on an ‘enemy of the state’ or a hacker employed by a foreign government other than taking blame which is terrifying. Giving a foreign enemy state the access to half a billion americans emails and telephone numbers is not something to brush under the rug. Those numbers could potentially sway and election, and Yahoo has said “online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry,” so basically, we’re not the only ones.
We suggest changing your passwords or even closing out any current Yahoo accounts you have currently. "The investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network," but thats not a guarantee and you don’t want to risk losing your personal data.