Biggest Hack Ever: Yahoo Hack Worse Than Originally Thought


We’re all witnesses to two of the biggest hacking incidents in history. We could be among the victims, too. In hindsight, the news of the massive data breach at Yahoo last September was just scratching the surface. Just a day ago, the tech giant announced that an even bigger data breach may have happened prior to 2014. With information stolen on over a billion accounts, the Yahoo hack is officially the biggest hack ever.

A Billion Accounts Compromised in the Biggest Hack Ever

A day ago, Yahoo disclosed that more than a billion user accounts may have been compromised in August 2013. The breach is suspected to be a separate incident from the one that compromised 500 million user accounts in 2014. Combined, we’re looking at two of the largest security breaches ever seen in a company’s computer network.

Yahoo’s Chief Information Security Officer, Bob Lord, reveals that several users’ account information was stolen during the 2013 breach. They include names, email addresses, birthdates, contact numbers, hashed passwords, and even encrypted security questions and answers.

In total, it’s unclear how many Yahoo subscribers have been affected by both security breaches, but it’s clear it’s the biggest hack ever. Even Yahoo itself seems dumbfounded by the turn of events. In fact, it was law enforcers and forensic experts who came forward to show data files that allegedly contain Yahoo information. Upon analyzing those files, the company realized that the tips were evidence of a massive hack that may have been carried out years prior. Luckily, the data presented didn’t appear to include plaintext passwords, payment details, and such. It’s still bad news for any Yahoo account owner, though, whichever way you look at it.

Actions Yahoo Has Taken So Far

“We have not been able to identify the intrusion associated with this theft,” Lord writes in the post where he announced the latest hack. At the moment, Yahoo is still figuring out how data of more than a billion accounts were stolen.

As a countermeasure, the tech firm has notified the affected users to change their passwords or use the Yahoo Account Key feature. All previous security questions have been disabled, too. The brains behind the cyber theft have had enough time (almost three years and counting), though, to exploit the data they have stolen. With the information they could have gotten from the biggest hack ever, there’s no telling what they can do.

How the Hack (Potentially) Happened

Yahoo says that the recent hack was launched by a state-sponsored attacker. The company also announced that the attacker had accessed its proprietary code. That code was apparently used to forge cookies, which could allow access to individual accounts without requiring a password.

Naturally, Yahoo had to invalidate the forged cookies. So, to sum up, in the biggest hack ever, not only were Yahoo users affected, but also the company as well.

Countermeasures to Prevent Further Damages

If you have been among those notified by Yahoo regarding the biggest hack ever, you can still do a few things to secure your personal info. Here are some of them:

Never give away information via email

Hackers can easily make legitimate-looking emails with stolen credentials in their hands. The rule of thumb here is never to engage with emails trying to solicit any personal info. Don’t click on links or open downloads from email addresses you don’t recognize.

Change the password for every account associated with your compromised Yahoo account

Sure, you’ve got a very strong password for your Yahoo Mail. If you use the same for every account linked to your Yahoo account, you could be in for a nasty surprise. Come up with new, stronger passwords and know other safety measures to protect your info.

Freeze credit reports ASAP

Hackers who get a hold of valuable credentials will naturally attempt to open a credit card using your name. Once they do, banks will run a credit check and notify you that an individual/organization is trying to run a check. Subsequently, they can flag that you didn’t request the application.

These safety measures aren’t all on you, though. Tech companies have to ramp up security measures since cyber threats are getting nastier and more frequent by the minute.

It’s safe to say that security concerns take the backseat at Yahoo with them getting easily dinged a second time at a much larger scale. Is it time to make the switch?