The company, which agreed in July to be acquired by Verizon in a deal that’s still pending, said that it believes the hack was undertaken by a “state-sponsored actor” but provided no further details as to which country they believe might have been behind the hack.
Advertisement
The Sunnyvale, California, company declined to explain how it reached its conclusions about the attack for security reasons, but said it is working with the Federal Bureau of Investigation and other law enforcement.
The stolen data included names, email addresses, telephone numbers, dates of birth, and encrypted passwords of at least 500 million accounts that were breached from the company’s network in late 2014, Yahoo said in a statement.
Investigators believe the hack was “state-sponsored”, meaning a foreign government or group organized the cyber crime. It’s in the process of selling its core online properties to Verizon for $4.8 billion. The company said that it appeared more data was taken in the initial compromise and that the company was just learning about the larger amount through the hacker’s posting. Thieves potentially accessed Social Security numbers, names, birthdates, email addresses, employment details, incomes and street addresses.
Initial reports about the data theft surfaced in August, as a hacker tried to sell account information of 200 million users for less than US$2,000 online.
“Who knows what you put in an email in that time period that could be at risk”, said Lockart. “Until then, we are not in position to further comment”, the company said in a statement.
Does Yahoo have a place where I can find all this information?
An investigation is still continuing into the breach, which Yahoo said happened in late 2014. ” The last bit is particularly important because it means hackers have gotten their hands on security questions and it looks in some cases there are unencrypted leaving the accounts completely vulnerable”. John Benkert, a cyber security expert with CPR Tools in Fort Myers, aggress with this notion, adding: change your passwords every 60 days.
Yahoo also noted that no bank account information or payment card data were included in the breach.
It’s the second occasion that Yahoo account information has been compromised in recent times.
Review your accounts for suspicious activity. In addition, the company is invalidating unencrypted security questions and answers so they can not be used to access an account.
Also, beware of scam emails that may reference the Yahoo breach to try and pull more information out of you, by asking you to “verify” information.
Advertisement
“This is what we should expect and continue to see as companies don’t protect information as much as they should”, he said.
