Why is Yahoo getting hacked again and again

Numbers with lots of zeros are usually good news for companies. Last summer not only brought record heat, but also record numbers: 65 million on Tumblr, 117 million on LinkedIn, and finally Myspace with 360 million. The problem: It wasn't quarterly profits, but user accounts that criminals had captured. Now Yahoo has set a new, sad record: half a billion hacked accounts mean the biggest data theft that has ever come to light. The most important answers to the hack:

What exactly happened?

On Thursday evening, Yahoo confirmed that hackers stole data from at least 500 million users in 2014. These are names, e-mail addresses, telephone numbers and dates of birth, and in some cases also answers to security questions. According to the current state of knowledge, bank details and credit card data should not be affected. The attackers also stole passwords. According to information from Yahoo's head of security, Bob Lord, they were not stored in plain text, but protected by a so-called hash function. An algorithm converts passwords into complex combinations of digits from which one can no longer infer the initial value. Allegedly the "large majority" of the passwords were protected with a procedure that is considered to be relatively secure. However, it is unclear how much login data was secured with weaker hash functions.

Yahoo believes the hackers were acting on behalf of a state. The US has often blamed Russia for cyber attacks.

How did Yahoo react?

Affected users were informed by email and asked to change their passwords. In addition, Yahoo has disabled non-encrypted security questions. Experts are investigating the incident. Yahoo is working with law enforcement agencies to help solve the problem.

What do Yahoo users have to consider?

In theory, anyone who had an account with Yahoo in 2014 could be affected. This is especially true for Yahoo Mail users, as an email service stores a lot of sensitive information. If criminals have access to the mailbox, they can use it to steal the access data from other sites that are linked to the account. Fewer than 300 million people worldwide use Yahoo mail. Even if all of these accounts were affected, there would be more than 200 million more. This could be, for example, login data for the photo platform Flickr or the blogging service Tumblr, both of which belong to Yahoo. These users should also change their passwords and make sure that they do not use the same passwords for any other service.

In addition, Yahoo users will now have to be even more careful when they receive an email asking them to click links, download attachments or change passwords. The captured data such as names and dates of birth can be used to create deceptively real phishing emails that address users personally. Although it looks like the emails come from Google, Amazon or Ebay, the reality is that they are made up of criminals.

What are the basic security rules on the Internet?

New hacks are becoming known all the time, dubious websites sell billions of stolen access data. Individual users can do little to counter this. The only thing left for you to do is to protect yourself as well as possible. You should use long, complex passwords, preferably in combination with a password manager. It is particularly important not to use passwords more than once. Two-factor authentication significantly increases security. Users have to enter a second code for the password, which they receive via SMS or an app on their smartphone.

What does the hack mean for Yahoo?

In July, Yahoo sold its core business to Verizon for $ 4.8 billion. Analysts are divided on whether the incident jeopardizes the deal and Verizon is trying to keep the price down. A Verizon spokesman said it had "limited information on the impact." Microsoft paid $ 26.2 billion for LinkedIn shortly after it was revealed that data was stolen from 117 million users. Expensive takeovers don't have to fail due to large data leaks.