Internet giant Yahoo last Thursday disclosed a major data breach affecting over 500 million user accounts. Yahoo announced that a state-sponsored actor was responsible for the breach which occurred in late 2014.
Information suspected to be leaked in the breach include names, email address, telephone numbers, birth dates, hashed passwords and, in some instances, encrypted or unencrypted security questions and answers. Yahoo has already invalidated those unencrypted security questions and answers.
Yahoo has said it is taking steps to notify affected users and has advised users who haven’t changed their passwords since 2014 to do so. The company statement also recommended that customers “avoid clicking on links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information.”
Further security concerns with the breach includes attackers using leaked information for phishing attacks, sending spam messages from compromised accounts as well as other identity theft incidences.