Yahoo has finally come forward with details of a massive hack that targeted users of its e-mail service back in 2014. According to the company, the hackers stole private information of as many as 500 million users, including names, e-mail addresses, telephone numbers, dates of birth and hashed passwords. However, luckily for Yahoo's users, the hackers could not lay their hands on bank account information and payment card data. At least that's what Yahoo is claiming.
"Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network. Yahoo is working closely with law enforcement on this matter," said the company in a statement on its investor relations website.
While a lot of people are asking whether Yahoo had known about this in 2014 and, if so, why it withheld news of such a major hacking attempt from its users for so long, another pertinent question is: why now? Yahoo is in talks with Verizon regarding a multi-billion dollar takeover which is set to be completed early next year, yet it is not clear if Verizon knew about this or if Yahoo broke the news to them at this late juncture as well.
"While it's not a surprise to hear the magnitude of users that have been corporate hacked - after all the rise of the digital business means everyone is more or less online these days - what is shocking is the date, 2014, and the sense of resignation that some may have to the event. This is far too late for professional cyber security risk management and certainly from the organisational practices inside a company like Yahoo! that one would expect," said Mark Skilton, a Professor of Practice at Warwick Business School and an expert on cyber security.
Like Mr. Skilton, a lot of others are bewildered at the fact that Yahoo took two years to catch such a major data theft. While questions can be asked about Yahoo's internal security checks and practices, there is a possibility that such state-sponsored hackers are still at large and have the capability to compromise confidential data stored by other global firms.
"There will be a significant internal review in Yahoo! and Verizon to develop a turnaround plan for this hack, but it also suggests a need for a stronger perhaps government and industry role needed to increase cyber protection in the light of the rise in more stealth attacks," Mr. Skilton added.