Yahoo Japan has warned that the identity details of up to 22 million users may have been compromised when attackers hacked into its computer systems.
The company said in a statement that its administration system was attacked last week and that a file containing identity details of about a tenth of its users was potentially compromised.
While the file did not contain enough information for attackers to impersonate users or reset passwords, the company said it would advise users to change their passwords, according to the BBC.
Yahoo Japan, jointly owned by mobile firm Softbank and Yahoo, said it had tightened security measures in the wake of the attack.
News of the attack coincides with news that Yahoo is set to acquire blogging service Tumblr for $1.1bn in a cash deal approved by the board.
“Yahoo is just the latest in an increasingly long line of major brands which is learning that it is no longer a matter of ‘if’ you’re breached, but ‘when’,” said Ross Brewer, managing director and vice-president, international markets, at security firm LogRhythm.
“To its credit, Yahoo has been quick to come clean about this attack, and should also be commended for providing its members with actionable advice on how to stop hackers from compromising their individual accounts,” he said.
However, in the aftermath of any breach, Brewer said it is also absolutely vital to investigate how the attackers managed to get in, and then use this intelligence to beef up security defences in the future.
“The clues will be buried in the log data. By analysing the logs that every IT infrastructure generates on a daily basis, organisations can gather vital evidence about how hackers are able to infiltrate their networks, target high-value files or databases and then extract this information,” he said.
Brewer claimed that it is only with this level of network intelligence that an organisation can improve its overall security posture and be in a better position to thwart future attacks.
“With real-time analysis of log data, firms can identify attacks and other unexpected incidents the moment they happen; stopping hackers in their tracks and avoiding the embarrassing headlines that accompany any breach,” he said.