Yahoo announces major data breach

Yahoo announces major data breach
© Getty

Yahoo on Thursday confirmed a large-scale data breach in which 500 million accounts have been compromised in what it believes was a state-sponsored hack.

According to the company, users’ “names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers” may have all been acquired in the breach.

ADVERTISEMENT
“Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network,” the company said in a statement. “Yahoo is working closely with law enforcement on this matter.”

Yahoo said it would notify users who may have been affected and urged those who had not changed their Yahoo passwords since 2014 to do so. 

The company also noted that they believed “unprotected passwords, payment card data, or bank account information” were not compromised in the hack. 

Recode reported earlier on Thursday that government investigations and legal action were likely.

Earlier in August, the tech company was reportedly investigating a potential breach of 200 million user accounts.

“It’s as bad as that,” one source told Recode. “Worse, really.”

At the time, a Yahoo spokesperson said the company was aware of the claim and that a “security team is working to determine the facts.”

Yahoo has previously had several issues with hackers and data breaches.

In 2015, hackers we able to hijack Yahoo’s ad network for a week, spreading malware via advertisements to millions of users.

In 2012, users sued Yahoo over a breach in which passwords from 450,000 accounts were stolen.