“Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry”, the company said in a statement.
Advertisement
Yahoo has confirmed that the user information for 500 million accounts was stolen in a 2014 data breach.
Yahoo’s disclosure came a day after a report by Recode that the company was preparing to announce details of a breach this week, with sources claiming it was worse than the 200 million users affected as previously reported. For instance, the haveibeenpwned.com site, run by Microsoft MVP Troy Hunt, listed the MySpace hack at 359 million accounts exposed, while LinkedIn and Adobe followed at 165 million and 152 million accounts exposed, respectively.
The Internet responded in stride – as it has to all recent Yahoo-related news – with the regular tide of jokes about Yahoo’s dinosaur status.
Review your accounts for suspicious activity. Yahoo is now in the process of finalizing its sale to Verizon.
Yahoo says it’s notifying potentially affected users and taking steps to lock the hackers out. Conversely, the cyber-criminal did not steal “unprotected passwords, payment card data, or bank account information”, according to a statement from Yahoo.
That’s more accounts than were believed to have been accessed in eBay’s 2014 data breach when it made all of its 145 million active buyers change their passwords.
It also warned against unsolicited communications that ask users for personal information or refer them to a web page asking for personal information, and ask them to avoid clicking on links or downloading attachments from suspicious emails.
Blumenthal said law enforcement and regulators “should investigate whether Yahoo may have concealed its knowledge of this breach in order to artificially bolster its valuation in its pending acquisition by Verizon”.
Yahoo has also published an FAQ about the breach here.
Advertisement
The deal is expected to close in the first quarter of next year, which may give them some room to renegotiate the purchase price or even to walk away. “Until then, we are not in a position to comment further”.
