Yahoo has had two breaches, one in early 2014 and now one in late 2016.
The FBI has now announced that this is the largest breach in cybercrime history, with over ONE BILLION accounts being hacked.
How? Apparently, it all started with a “spear phishing” email sent to an unsuspecting Yahoo employee in early 2014 (read more about spear phishing here). That makes this the biggest known hack of user data ever, and no other hack comes near to it.
Yahoo says that the data includes names, email addresses, phone numbers, birthdays, hashed passwords, and security questions and answers. Why is this a big deal? Many people reuse the same password or security questions across accounts, so once the hackers know one user’s information, they can quickly use it to access that user’s other accounts. Fortunately, credit card information and financial data is stored separately and was not taken, although with this much personal information in hand, it would not be hard for the attackers to work their way toward your financial information.
Another finding is that a separate attack took place in 2015 and 2016 in which hackers used forged cookies (small files that track web users; read more about cookies here) to bypass security protections and access users’ accounts without needing a password. Yahoo believes that this activity is connected to the breach that occurred in 2014.
Are You Affected?
Worst case, 1.5 billion active and inactive users of Yahoo are affected. If you have or have had a Yahoo account, now is the time to reset passwords and security questions ON ANY ACCOUNT using the same information, immediately. Sadly, there’s nothing you can do to get that data back, so the best you can do is replace it with something new that they can’t hack. For example, make your password more complex, like C0mpl3x!357 rather than complex357. Change the security questions to something that isn’t related to the questions or answers you had before. And watch your accounts for anything that doesn’t look right and report it right away.
What Can You do to Protect Yourself?
First, make sure you have a complex password with numbers, symbols and letters and at least one capital letter.
Second, change your passwords every 90 days (minimum).
Finally, make sure you don’t leave your network open – always have the network password protected and a business class firewall (if you are a business).
These are only the basic beginnings to keeping your information safe. You can also work with an IT firm that will perform a security assessment and give recommendations to keep your business safe, so you don’t have to be like Yahoo’s CEO and explain how 1.5 billion accounts were hacked and that there is nothing you can do about it.
If you are interested in taking your security to the next level, reach out to us at 330-984-0154 or email firstname.lastname@example.org. You can also attend our Cyber Security Seminar in Solon, Ohio on March 22, 2017. For more information or to RSVP go here.
We also provide free educational training for your employees; after all, employee error is the number one cause of a data breach.
By: Megan Augustine