Cyber-security investigators are continuing to assess the damage in the aftermath of the massive Yahoo password breach that occurred in 2014, in which scores of Yahoo users had their password data stolen. The concern of investigators now is that the data could potentially be used to hack other websites, such as banks and email accounts.
According to Shuman Ghosemajumder, Shape Security's chief technology officer in California, cybercriminals often use this data for "credential stuffing". This is a process in which they use stolen usernames and passwords on various websites to access confidential information. Today's software makes this process almost instantaneous for cybercriminals, although it is only successful approximately 2 percent or less of the time.