The stolen email addresses alone put users at risk of spam attacks and the additional information could be used to trick users into divulging more information about themselves.
Advertisement
It is not the first time Yahoo suffered a large-scale security breach. “Until then, we are not in position to further comment”.
In July, Yahoo sold its core operating business for US$4.8 billion to United States broadband communications giant Verizon.
Below, we look at how to know if your information was exposed in the Yahoo hack, or a security breach like it.
Barton said many email providers offer similar services.
Rumors of the breach started floating around in August when a hacker who goes by the name of “Peace” reportedly tried to sell some of the data in online black markets. That’s according to the latest data from the research firm comScore.
Spark has partnered with Yahoo for nine years, many of them punctuated by Yahoo security blunders. The company believes the hack was “state-sponsored”.
Yahoo’s chief information security officer, Bob Lord, said that the company is working with law enforcement regarding the massive hack.
Yahoo says the personal information in 500 million accounts was stolen in a massive security breakdown.
Other organisations have commented on the effect the breach could have on Yahoo’s impending takeover by USA telecoms company Verizon.
“It’s a shocking number”, Litan said.
“Enterprises must first assess what hackers would likely want to steal from them”, he said.
Yahoo says it is emailing owners of affected accounts now, so be sure to keep an eye out for an official email from them.
According to Yahoo, hackers may have stolen “names, email addresses, telephone numbers, dates of birth, encrypted passwords and, in some cases, encrypted or unencrypted security questions and answers”. Furthermore, it said not all accounts were compromised, and that some details, such as bank account numbers and credit card data, do not appear to have been targeted.
“The investigation has found no evidence that the state-sponsored actor is now in Yahoo’s network”, the company said.
Yahoo has also recommended all the users who haven’t change their passwords since 2014 to do so.
Yahoo had no evidence that the stolen bcrypt-protected passwords or security questions and answers were used to gain unauthorised access to Spark accounts.
Shares of Yahoo stock were barely changed for the day after the news, while shares of Verizon Communications, which has agreed to buy the company’s Internet business, were up about 1 percent.
That deal, announced two months ago, isn’t supposed to close until early next year. That could happen if users shun Yahoo or file lawsuits because they’re incensed by the theft of their personal information.
As of publication, shares of Yahoo had fallen 0.3 percent to $44.02, while shares of Verizon had climbed one percent to $52.39.
“We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities”, Verizon said in the statement.
Advertisement
Yahoo is the latest company to be embroiled in what is thought to be one of the largest cybersecurity breaches ever.
