Yahoo users here likely hit by breach

The Yahoo logo pictured on a computer monitor.
The Yahoo logo pictured on a computer monitor. PHOTO: EPA

The sheer scale of Yahoo's latest data breach is unlikely to have left local users unscathed, cyber-security experts say.

More than a billion of its e-mail accounts were compromised, Yahoo said on Thursday. The Internet giant added that it discovered the breaches, which happened in August 2013, only last month.

This follows an announcement in September of a similar, but unrelated, breach that affected half a billion accounts.

Yahoo did not disclose the number of affected Singapore users. When contacted, a spokesman said: "The incidents had a global impact. We're not offering specifics with regard to individual countries or regions. Potentially affected users are being notified."

Cyber-security experts say all Yahoo users should take measures to protect their accounts.

"When breaches are of significant size and sophistication, users should err on the side of caution and assume their information has been stolen, and take action to limit the consequences of that information being stolen," said Mr Michael Lee, a security evangelist at RSA Asia-Pacific and Japan.

Local Yahoo users say the repeated breaches have eroded their trust in the company, even though it has introduced new security measures such as two-factor authentication.

Bank officer Mohammed Firdaus Ismani, 32, said: "I did think of stopping their service when they kept sending me e-mails to change my password because of security concerns."

According to The New York Times, the stolen Yahoo data is currently on sale in the dark Web - the illegal black market on the Internet - with current bids standing between US$20,000 and US$50,000 (S$72,000).

A version of this article appeared in the print edition of The Straits Times on December 17, 2016, with the headline 'Yahoo users here likely hit by breach'. Print Edition | Subscribe