Two years after the fact, the Internet giant Yahoo has acknowledged that personal data from 500 million of its user accounts were stolen in late 2014. It is one of the largest hacks ever disclosed! What is the impact of this massive data theft, especially after the hacks of MySpace, LinkedIn and Tumblr accounts?
In a press release, Yahoo has just confirmed a cyber-attack which hit its services in late 2014. A great deal of personal data from these 500 million accounts was stolen: birth dates, names, email addresses, telephone numbers, passwords and security questions. The list of sensitive data taken by the hackers is long. According to Yahoo, users' banking information should be safe, as it was stored on another system which was not attacked.
Who could have carried out this attack? In early August 2016, the Motherboard site interviewed a hacker calling himself “Peace”, who announced that he was offering for sale on the darknet (a part of the web which is not indexed by search engines and is used for illegal activities) information related to 200 million Yahoo accounts for 3 bitcoins, which equals around 1,600 euros.
“It is possible that the data stolen by a state actor ended up on the black market,” said Gerome Billois, a Wavestone cybercrime expert. “Some cybercriminal groups may be paid by some totalitarian states to set up a database. Once someone has the keys to your digital life, one can know all of your real life.”
In early 2014, Yahoo had repeatedly stated that it had strengthened its network security. The company was in fact mentioned repeatedly in the NSA case revealed by Edward Snowden.
For Nicolas Arpagian, who released a book “What Do I Know” on cybersecurity, Yahoo’s explanation is a bit surprising: “It does not fit with the interest of a state. What is their interest in doing so, in such a massive way? If the idea is to do cyber surveillance, there is no need to target it on such a wide scale.” Yahoo did not disclose details about the nationalities or the locations of the people whose accounts were attacked, which would have helped to better understand the sources or the purposes of this data leak.
Most surprising of all: why has Yahoo taken so long to announce this massive leak?
A well-executed attack is difficult to detect. Today, according to an expert in cyber attacks, it is estimated that it takes on average 150 days for a victim to realize that such an attack has occurred. When the events took place in 2014, it took more like 250 days for an attack to be noticed. Many companies are quite behind when it comes to cybersecurity, and the security level remains very low even though such alerts are numerous.
Yahoo users whose data have been hacked have received a long security message from Yahoo, but isn’t it too late?
Indeed, Yahoo has just asked its users who had not changed their password since 2014 to do so, and also to change their password on Flickr. Moreover, the US company recommends that its users change their secret question.
Who can benefit from such massive data hacking? This type of data has value for those who commit identity theft. This major password leak may have major consequences. If a Yahoo user affected by the cyber-attack used the same password to access other sites, especially social networks or Amazon, those accounts can be at risk too…
But the hacking of secret questions is even more serious. Once they have the answer to this secret question (often your mother’s maiden name, your dog’s name, etc.), cybercriminals can take control of all of your other accounts, as users often configure the same secret question for all websites.
Prevent your data from being hacked by using Le VPN, which will hide your online movements and protect your privacy.
Le VPN is the best VPN, even when using an open Wi-Fi! Indeed, Le VPN hides the user’s Internet connection with a powerful military encryption system that no one can hack, even when using a public Wi-Fi network, such as those found in airports, train stations, cafes and other hotspots.