So, here we go again. And it's all thanks to Yahoo. It's hard to believe we're talking about another grand security breach - and the likes of which we've never seen before. Can things get any worse for Melissa Mayer?
Today Yahoo announced that personal information of at least 500 million users was stolen in an attack on its accounts in 2014. Yes, that's right - back in 2014. So while they announced this today, odds are they've known about this for a long time.
In Yahoo's statement, they said the attacker was a “state-sponsored actor,” and stolen information may include names, e-mail addresses, phone numbers, dates of birth, encrypted passwords and, in some cases, un-encrypted security questions and answers.
Interestingly enough, you'll have a pretty hard time even finding a mention of it anywhere on their site. If you do a search (from within Yahoo), you will find mention of the breach in multiple places - but NOT anywhere on Yahoo. What you will find is Yahoo's own Security Notice:
Naturally, we suggest that if you are currently or have EVER been a subscriber to Yahoo, please immediately go change your password there as well as anywhere else where you may be using the same password.
For more information on how you can best manage your passwords, check our our blog Strong Passwords are an Easy Start towards a Strong Cyber Security Footing.