Yahoo has confirmed that it was the target of what may be the largest cyberattack of all time. The breach took place back in 2014 and compromised the data of an unprecedented 500 million users.
"The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers," Yahoo said in a statement.
For small businesses, this means it's not just sensitive business data that's been stolen. Because the cyberattack has given hackers and their associates access to entire Yahoo accounts, customers' private information — such as those stored in emails and linked accounts — are also at risk. [See Related Story: Cybersecurity: A Small Business Guide]
The only bright side, however, is that the breach did not include financial information, such as credit card numbers or bank accounts, the company added.
Yahoo believes that the cybersecurity breach was "state-sponsored" — a hacker working for a government — and is working closely with law enforcement officials in their investigation. In the meantime, the company is taking action to protect users, such as informing them of the attack and prompting them to change their passwords and security questions (previous security questions have been invalidated to prevent unauthorized access to accounts).
Users should also change their passwords and security questions to other online accounts and never use the same the same credentials to log in to multiple accounts. For small business users, this could be anything from e-commerce, bank, marketing, social media and other related accounts.
Yahoo also recommends that users set up a free Yahoo Account Key. This service eliminates the need for passwords. After activating a key, users will need just their username to login. Yahoo will then send a phone notification to approve access.
In addition, small business users should stay vigilant about monitoring their accounts. Yahoo advises users to review any suspicious activities, be cautious of any emails or websites asking for personal information and not click on links or download attachments from unknown senders.
For more information on how to protect your business from hackers, check out our comprehensive cybersecurity guide for small business.