Yahoo has announced details of a massive data breach, in which “information associated with at least 500 million user accounts was stolen”. That information may now be in the hands of a state-sponsored actor that no longer appears to be in the Yahoo network, Yahoo said.
Advertisement
Yahoo also said the company urges users to create strong, unique passwords but also points them to Account Key.
He said it was too early to say what impact the breach might have on Yahoo and its users because many questions remain, including the identity of the state-sponsored hackers behind it.
The data up for sale included user names, scrambled passwords and birth dates and likely dated from 2012, Motherboard reported last month, citing the cyberattacker, who went by the name Peace. That could happen if users shun Yahoo or file lawsuits because they’re incensed by the theft of their personal information.
An initial report by the technology news site Recode said some 200 million accounts were going to be affected, but the company has confirmed it is more than double that figure.
In August, a hacker named “Peace” was said to be selling 200 million usernames and passwords from Yahoo’s database.
The concession comes at the worst possible time for the beleaguered internet company.
Asking affected users to promptly change their passwords and adopt alternate means of account verification.
Advertisement
“The FBI is aware of the intrusion and investigating the matter”, an FBI spokesperson said. Shareholders may also be anxious as the hack could lead to a adjustment in the terms of the deal with Verizon. While the deal is almost complete, regulatory agencies and Yahoo’s shareholders have to sign off on the agreement. Shares of both companies were up 0.5 per cent in late morning trading, compared with a 0.6 per cent increase in the Nasdaq Composite index.
