Hey, guys! So… Yahoo! has something they want to tell you. Something they probably should’ve told you two years ago, really. Data from more than 500 million of their users was stolen in 2014.
We’ve seen some big incidents over the years, but half a billion users? That’s one for the record books. On a good note, Yahoo! is finally number one at something again, and, hey, they still had more than 500,000,000 accounts on the books as of 2014.
That’s pretty much the only silver lining here (apart from maybe the fact that they did actually notice their network had been compromised, props for that). The fact that it has taken two years for them to publicly confirm what happened? Not good.
I hate to be a downer, but come on! They posted the announcement on the official Yahoo! Tumblr blog? Was there really no way you could bounce one syndicated clickbait headline from your front page so that people who go to Yahoo! — not Tumblr — would have a really good chance of seeing it?
What kind of data was stolen? Well, it “may have included” your name, email address, security questions and answers (possibly not encrypted) and password. Don’t worry too much about your password, Yahoo! says that the “vast majority” were encrypted with bcrypt. Unless they weren’t, in which case… well, that would really suck. It’s probably a safe bet that many of the people who still had an active Yahoo! account in 2014 were probably guilty of re-using their passwords.
Well, let’s say this Twinkie represents the normal number of accounts in a breach. Based on Yahoo’s announcement, it would be a Twinkie… thirty-five feet long, weighing approximately six hundred pounds.
You half billion affected users, fear not! After two years of preparation, Yahoo! has sprung into action. What are they doing? They’re sending you an email and nuking your security questions. Oh, and they’re recommending that you change your password.
Let’s fix that for the Yahoo! folks. Go change your Yahoo password. Now. Even if you’re not in the 500 million-person email blast they’re sending out. Do it before someone meddles with your beloved fantasy football team, because that’s probably the only reason you still go to Yahoo!