(Reuters) - Many Yahoo users rushed on Friday to close their accounts and change passwords as experts warned that the fallout from one of the largest cyber breaches in history could spill beyond the internet company’s services.
After Yahoo disclosed on Thursday that hackers had stolen the encrypted passwords and personal details of more than 500 million accounts in 2014, thousands of users took to social media to express anger that it had taken the company two years to uncover the data breach.
Several users said they were closing their accounts.
“We’re probably just going to dump Yahoo altogether,” said Rick Hollister, 56, who owns a private investigation firm in Tallahassee, Florida. “They should have been more on top of this.”
Due to the scale of the Yahoo breach, and because users often recycle passwords and security answers across multiple services, cyber security experts warned the impact of the hack could reverberate throughout the internet.
Several users said they were scrambling to change log-in information, not just for Yahoo but for multiple internet accounts with the same passwords. Accounts at banks, retailers and elsewhere could be vulnerable.
“I suppose a hacker could make the connection between my Yahoo and Gmail,” said Scott Braun, 47, who created a Yahoo email when he was setting up a shop on online retailer Etsy. “They both use my first and last name. Not being a hacker, I don’t know what their capabilities are.”
That concern was echoed in Washington. “The seriousness of this breach at Yahoo is huge,” Democratic Senator Mark Warner said Thursday. The company plans to brief Warner next week about the attack, his office said.
Yahoo has said that it believes that the breach was perpetrated by a state-sponsored actor.
SY Lee, a former Department of Homeland Security spokesman, said that would be of particular concern to the intelligence community, given the interest state-sponsored hackers have in compromising employees with security clearances.
The FBI had not issued specific guidance to its employees on handling their personal Yahoo accounts, a spokeswoman said.
British companies BT Group BT.L and Sky Plc SKYB.L, which use Yahoo to host email for some of their broadband customers, said they were communicating with their users.
Yahoo urged users to change their passwords and security questions, but some said it would be easier just to give up their accounts because they rarely use them.
The company has been losing users, traffic and ad revenue in recent years and over the summer agreed to sell its core business for $4.8 billion to Verizon VZ.N.
Rachel, a 33-year-old from Newcastle, England, who asked Reuters not to use her last name, said she would be shutting down the Yahoo account she opened in 1999.
Furious that the company had not protected its customers’ data better, she said she thought this could be yet another blow for the email service, which has been overtaken in popularity by Google’s Gmail over the last decade.
But Cody Littlewood, who owns a start-up incubator in Miami Beach, was one of several users who said it was precisely because of the decline in the use of Yahoo’s services that they were not worried about the hack.
“Yahoo is only relevant for fantasy football. Worst case scenario, they get into my account and drop Jamaal Charles,” he said, a reference to the star Kansas City running back who regularly tops fantasy football rankings.
Additional reporting by Dustin Volz; Editing by Cynthia Osterman