UPDATE 03/15/2017: New York Times reported that two Russian intelligence agents were behind the massive Yahoo data breach that affected 500 million Yahoo users in 2014. According to the Justice Department, these agents were initially assigned to find hackers operating in the U.S. Instead, the two Russian agents led what is being referred to as a “sweeping criminal conspiracy,” using stolen Yahoo data to target specific individuals (international government officials, journalists/media reporters, business executives). Federal prosecutors also found that they had broken into 50 Google accounts belonging to Russian officials and cybersecurity employees.
Separately, the breached information was used to circulate spam and collect payment card and gift card data. The suspects are facing a total of 47 criminal charges.
Yahoo has announced its second data breach this year, less than three months after confirming the first. This hack affected over 1 billion user accounts and, according to Yahoo, initially occurred in August 2013. The breach was confirmed after law enforcement looked into data files that had allegedly contained Yahoo user data. Information exposed in this breach includes names, phone numbers, birth dates, encrypted passwords and security questions.
In September 2016, Yahoo made public that approximately 500 million user accounts had been compromised back in 2014. Yahoo claims that it was aware of the first data breach in 2014, but did not realize the extent of the breach until a hacker (allegedly responsible for the LinkedIn, Twitter and Myspace data breaches as well) dumped 200 million Yahoo accounts online in July 2016.
What should you do?
The greatest takeaway from this breach: change your passwords and use different passwords for all of your online accounts. Additionally, avoid reusing the personal security questions and answers connected to your Yahoo account. Hackers take advantage of password reuse, stealing the login credentials from one site to gain access to multiple others.
Continue following Fighting Identity Crimes to stay up-to-date on this story as well as other breach and scam news.
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.