Big news this week regarding data breaches. Yahoo revealed that account information for at least 500 million users was stolen by state-sponsored hackers two years ago. PC World’s article “Here’s what you should know, and do, about the Yahoo breach” discusses the breach and reviews best security practices.
An email compromise is one of the worst data breaches that a person could experience online, so here’s what you should know … there’s no way to tell if your account was among those whose passwords were hashed with bcrypt or not, so the safest option at this point is to consider your email compromised and to do as much damage control as possible. … Large data breaches are typically followed by email phishing attempts, as cybercriminals try to take advantage of the public interest in such incidents.
Here’s Yahoo’s official September 22 statement on the breach: “An Important Message About Yahoo User Security.” Their statement includes recommended actions.
UPDATE 9-27-2016: A CNET article today reminded me that some of my clients have AT&T high-speed Internet service (sometimes phone service as well) and their email service uses Yahoo.
Many AT&T customers use Yahoo accounts to manage their services and could be at risk. … It’s the outgrowth of a partnership formed 15 years ago between Yahoo and AT&T (then called SBC Communications), bringing AT&T broadband customers to Yahoo’s search engine and media services, including Yahoo Mail. … The hack puts AT&T in an uncomfortable position. The company is still waiting for data from Yahoo on the specific customers who may have been affected, according to a person familiar with their dealings. … For now, AT&T is offering little advice to its customers beyond the standard line: regularly change your passwords.