Yahoo becomes triple threat

In 2013, Yahoo was involved in a data breach that affected users of their website and subsidiary services, including Yahoo Mail, Tumblr, and Flickr. An internal investigation initially reported that approximately 1 billion user accounts were seriously compromised, revealing information such as names, phone numbers, email addresses, and unencrypted security questions and answers.

Anyone with access to that information can take over a victim’s entire email account by following Yahoo’s official password reset process, which simply prompts for the email address and then poses the security questions, the answers to which have been leaked. Once this is achieved, the hacker may then use the email account to reset passwords for other websites registered with that email, such as a Facebook account or some other web browser. These services would provide copious amounts of additional information to the hacker, such as the user's browser history.

Years after the data breach, Yahoo was acquired by Verizon, which has recently run its own investigation into the breach. After further investigation, Verizon is reporting that every single Yahoo account was compromised, pushing the number of affected users to over 3 billion. The scale of this breach is hard to overstate: the number of affected people is ten times the population of the entire United States, otherwise represented as 40% of the world's population. This data puts into perspective how little thought is devoted to the computer security sector given how influential it has been to customers, corporations, citizens, and governments.

Such a vast change in the severity of the hack has not gone unnoticed by experts, especially considering that Yahoo has been involved in talks about being sold to Verizon. The implication is that Yahoo purposely did not reveal the extent of the hack until after the sale had ended.

However, security professionals expect a certain lack of accuracy when deciding how much information could have been compromised in cases such as this. Companies often do not have the infrastructure in place required to track what data the hackers accessed, so the process of determining damage could include a lot of guesswork and generalizations. For example, in 2013 when Target's credit card information database was breached, it was initially revealed that “potentially millions” of customers' credit card information was stolen. As more research was conducted, the number was solidified to a whopping 40 million customers.

These data breaches are entirely the fault of companies who collect and are legally required to protect sensitive information. However, there are a few steps that consumers can take to protect themselves from hacks like these that have plagued large corporations including Equifax, Sony, and Yahoo.

First, it is recommended that all internet users enable two-factor authentication for their social media accounts and web browsers to prevent hacked emails from doing even more damage. Make sure that passwords are not used across different services - a leaked laptop password could compromise all of your social media accounts as well. Finally, pay attention to the experts and delete your Yahoo account. Companies can only leak information that you give them, and the surest way to prevent this is to not use their services.

10/10/2017

By Brett Spangler, Staff Writer

Photo by globalnews.ca