The growing threat to global internet security posed by the activities of hackers appears to have assumed an alarming dimension with the announcement by Yahoo of an unprecedented breach of its system, compromising more than one billion user accounts.
Among the victims are more than 150,000 US government and military employees, presenting a threat to national security, according to a Bloomberg report.
The accounts belong to current and former White House staff, congressmen and their aides, FBI agents, officials at the National Security Agency, the Central Intelligence Agency, the Office of the Director of National Intelligence, and each branch of the US military.
The US intelligence agencies are currently conducting an investigation into extent to which an alleged Russia-sponsored hacking of the accounts of top politicians and functionaries during the campaigns affected the result of the country’s presidential election.
Clinton campaign chief John Podesta’s Gmail account was hacked in March, revealing over a decade of private communications and fuelling weeks of attacks on Hillary Clinton in the crucial final weeks of the U.S. presidential election. The hack was part of a propaganda campaign that U.S. intelligence officials believe was orchestrated by Russia to influence the election.
The company said in a statement, on Wednesday, it “is notifying potentially affected users and has taken steps to secure their accounts, including requiring users to change their passwords.”
“Yahoo has also invalidated unencrypted security questions and answers so that they cannot be used to access an account,” the statement further stated.
Yahoo also said in its statement that hackers stole the software it uses to create cookies, the browser tools that can let someone enter an account without a password. Yahoo said it believes that hacking may be related to the same state-sponsored hacking group it suspects is responsible for the 2014 hack.
The announcement caps off a rough few months for the troubled tech giant and leaves another blemish on a company seeking to sell itself to Verizon. When Yahoo announced a separate data breach in September, in which hackers in 2014 swiped user information from half a billion accounts, it was said to be the biggest cyber security breach ever.
Two weeks later, the company again came under fire after a report said it built tools to survey customers’ emails for US intelligence officials.
The personal information hackers stole could reportedly be used in combination with other hacked data. For example, if a criminal already has a credit card number, he might be able to use the stolen Yahoo data to find the answers to security questions that go along with it.