Yahoo has confirmed reports that millions of its users have had information compromised when “certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor”. The company did not disclose when exactly the hack took place beyond “late 2014”.
Advertisement
The stolen data may have included names, email addresses, phone numbers, birthdays, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers, Yahoo said in a press release Thursday.
Last month, the tech site Motherboard reported that a hacker who uses the name “Peace” boasted that he had account information belonging to 200m Yahoo users and was trying to sell the data on the web. The company further recommends that users avoid clicking on links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information. Verizon emerged as the winning bidder in July, and the telco plans to merge Yahoo’s web operations with AOL, which it acquired past year for $4.4 billion.
Yahoo did not immediately respond to specific questions from Business Insider on its delay reporting the breach to affected users.
The Sunnyvale, California, company declined to explain how it reached its conclusions about the attack for security reasons, but said it is working with the Federal Bureau of Investigation and other law enforcement.
“While we have seen more and more data breaches in the private sector in recent years, many of them affecting millions of consumers, the seriousness of this breach at Yahoo is huge”, Warner said.
“We understand Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact”. “The problem is not that [people] need to be concerned about their Yahoo account – its all the other accounts they use”. The company said it is notifying users who may have been affected.
The data breach comes at a sensitive time for Yahoo. The same hacker has previously claimed to sell stolen accounts from LinkedIn and MySpace.
“We take these types of breaches very seriously and will determine how this occurred and who is responsible”.
Advertisement
At a time of increasing breach fatigue, when big data exposures sometimes elicit little more than a yawn, this incident sets a new bar for massive leaks of account information. In a statement, the Federal Bureau of Investigation confirmed it is investigating the breach.
