Yahoo announced on Thursday that hackers had stolen 500 million users’ personal information during a "state-sponsored" hack in 2014.
The cyber criminals responsible for the hack have not been identified, but investigators believe they stole names, passwords, telephone numbers, birthdates, and other information belonging to Yahoo users.
With the announcement coming two years after the hack happened, cyber security expert Steve Nelson questioned why Yahoo waited so long to report the incident.
"The fact it's just now being reported makes it have more impact and more concern," he explained. "They could've accessed your bank but not done any damage yet. They're just watching. Now the info is coming out, so now they may go for the hack."
With so much information being shared nowadays over the Internet and through e-mail, Nelson said the hacked information could be used to access more private details about someone.
"How often do you use that same log-in and password at a different account? You just use your handle at your bank with that same password because it's easy to remember," said Nelson. "I've seen credit cards emailed. Your kid needs a credit card information, you send you info across email."
Of all the information stolen by hackers, Nelson said security question details may be the most concerning to users.
"Those types of questions are used by so many different systems," he explained. "That just broadened the hack."
Investigators believe the hack was "state-sponsored,” meaning a foreign government or group organized the cyber crime.
Nelson believes China and Russia are the likely suspects behind the Yahoo incident.
"State-sponsored means there's a lot of money and resources typically thrown at it," he explained.
To help protect your information online moving forward, Nelson offered the following tips:
- Use unique passwords
- Change the passwords often
- Vary the security questions asked at websites
-------
Tom Dempsey can be reached at Tom.Dempsey@KSHB.com.
