Yahoo recently disclosed that a group of hackers had broken into its email system and compromised 1 billion email accounts in 2013. In a statement to the media, Yahoo said that the hackers had recorded users' personal information, and that the company does not know the hackers' identity or what happened to the recorded information.
The California-based internet pioneer's shares fell by over 6 percent after the data breach was revealed early this week. Kenneth Geers, a Senior Research Scientist at Comodo, states, "Yahoo should know that it is an invaluable target for cybercrime syndicates and nation-states and invest the resources in protecting its data accordingly. The use of vulnerable MD5 hashes suggests that Yahoo was not paying sufficient attention to security."
According to reports, the hackers had recorded almost all the personal information of the 1 billion users, including their names, contact numbers, and even their passwords, which are said to be encrypted with an easily broken form of security. The incident is the largest known data breach in history.
Commenting on the hacking incident, Kenneth Geers states, "This is a hack of strategic scale, conducted with a high level of anonymity; those two factors combined could mean that this is a foreign intelligence service seeking the information solely for its signals intelligence value.
"One way to test that hypothesis is to try and find out if the stolen information has been used for cybercrime; that, however, is no guarantee because leaking some information could be a deceptive tactic on the part of the attacker."
Yahoo also revealed that credit card and bank account details have not been affected; however, the data breach did include unencrypted security questions.
To mitigate the damage, Yahoo is in the process of alerting the affected customers to change their passwords and security questions and answers, and to review their accounts for any suspicious activity. The company also recommends that users avoid using similar passwords for all social media accounts, and that they not click on any links or download attachments that they receive from any suspicious email IDs.