Yahoo Says Half Billion Accounts Hacked By State Sponsored Actor

Fact checked
yahoo

Yahoo confirmed a massive data breach on Thursday, saying account records of hundreds of millions of users had been compromised by “state-sponsored” hackers

Information contained in 500 million Yahoo accounts were stolen by hackers who broke into the internet company’s systems in 2014.

Yahoo now recommends users to change their account passwords if they have not done so already, after one of the biggest data breaches in history.

Variety reports:

The user-account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and in some cases encrypted or unencrypted security questions and answers, according to Yahoo. The data was stolen from the company’s network in late 2014, Yahoo said. It didn’t identify the country it believed was behind the attack.

What the disclosure means for Verizon’s pending $4.8 billion deal to acquire the core web businesses of Yahoo is not immediately clear.

Verizon, in a statement, said it was notified of Yahoo’s security breach in the last two days. “We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact,” the telco said. “We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities. Until then, we are not in position to further comment.”

The Yahoo announcement came after Vice’s Motherboard reported in August that a hacker known as “Peace,” who is believed to be a Russian cybercriminal, was advertising the sale of 200 million Yahoo user accounts in a black-market online forum for about $1,860 worth of Bitcoin. At the time, Yahoo said it was investigating the claims. Recode reported early Thursday that Yahoo was expected to confirm the data breach this week.

Yahoo said it was working with law-enforcement officials on investigating the incident. According to the company, based on what it has learned so far, none of the stolen information included unprotected passwords, payment-card data, or bank-account information.

“Yahoo is notifying potentially affected users and has taken steps to secure their accounts,” the company said. “These steps include invalidating unencrypted security questions and answers so that they cannot be used to access an account and asking potentially affected users to change their passwords. Yahoo is also recommending that users who haven’t changed their passwords since 2014 do so.”

Yahoo, which reaches some 1 billion users around the world, has posted a frequently asked questions document on its website about the breach. The company also is encouraging users to use Account Key, an authentication tool for its email app that associates a Yahoo account with a specific device to eliminate the need for a password.

As part of responding to the incident, Yahoo has enlisted New York-based communications firm Joel Frank, which specializes in crisis PR.

Be the first to comment

Leave a Reply

Your email address will not be published.




This site uses Akismet to reduce spam. Learn how your comment data is processed.