On September 22, 2016, Yahoo Inc. gave public notice of a security investigation that uncovered an alleged state-sponsored attack against the company in which attackers were able to obtain the account information of approximately 500 million Yahoo users in late 2014. The information obtained by attackers includes the following:
- Names
- Email addresses
- Telephone numbers
- Dates of birth
- Encrypted and/or unencrypted security questions and answers
Yahoo recommends that users who have not changed their Yahoo account passwords since 2014 immediately do so in response to this incident. In addition, Yahoo recommends reviewing additional information regarding this incident on Yahoo's Account Security Issues FAQ.
As always, the UCLA Information Security Office recommends that users use a sufficiently complex password for every account and to avoid reusing passwords across accounts. Please contact us at security@ucla.edu with any questions or concerns with regard to safe account management.