Yahoo info breach could even affect most infrequent users
While Yahoo’s data breach may not include financial information, one computer science professor says it should still prompt some password changes.
The San Francisco-based tech giant reported Thursday a massive theft of account information, telling its users at least 500 million accounts may have been compromised in a 2014 hack. The company blamed a “state-sponsored actor,” and encouraged potentially affected users to change passwords. A statement said Yahoo is working “closely with law enforcement on this matter.”
Prasad Calyam teaches in the University of Missouri’s computer science department, and counts cybersecurity as one of his specialties. He said the full extent of the hack is not yet apparent, since it’s not clear exactly what information was included in the stolen accounts. While it might not contain financial information, Calyam tells ABC 17 News the information could still be valuable.
“You worry about the accounts where people put their whole lives, and their emails, bank accounts and passwords for other systems,” Calyam said, “and somebody meticulously going through that could really cause a lot of danger.”
Suspicion of a hack first arose in August, according to CNN Money, when a someone tried selling information from 200 million accounts. The Yahoo breach could be the largest to a private tech company. In 2012, LinkedIn reported a theft of 117 million accounts. MySpace reported earlier this year that 360 million accounts had information stolen. Yahoo said information like password security questions and email addresses may have been stolen. No “unprotected” passwords were stolen, but Yahoo “invalidated” security questions used to access some accounts. Yahoo, which was bought by Verizon this summer for more than $4 billion, did not explain the reason for delay between the suspected 2014 hack and its disclosure Thursday.
Calyam said even the lightest user of Yahoo should take note of the hack.
“Things are linked,” Calyam explained. “You link several email accounts to several other email accounts, and you might have some information, some email account you think is not important, but maybe is the gateway for something else.”
Calyam recommended a change of not only a Yahoo password, but passwords for all online accounts. With increased connection from one platform to another, he said the “mesh” of online security can weaken if something fails. Calyam said a password of at least eight characters, with upper and lower case letters and special characters included, make strong passwords. Utilizing these from the start stop people from being “reactive” to news of a data breach, Calyam said.
