Yahoo announced on Thursday that as many as 500 million of its accounts had been compromised by a hack late in 2014, which it said had been sponsored by an unidentified foreign government.
Advertisement
Users’ names, email addresses, telephone numbers, birth dates, passwords, and security questions have all been stolen, although bank account and credit cards details haven’t, the company said. Conversely, the cyber-criminal did not steal “unprotected passwords, payment card data, or bank account information”, according to a statement from Yahoo.
Yahoo says the personal information in 500 million accounts was stolen in a massive security breakdown.
A statement released by Yahoo added: “The investigation has found no evidence that the state-sponsored actor is now in Yahoo’s network”. Users are being urged to change their passwords and security questions at the earliest and “adopt alternate means” to verify their accounts.
Thursday’s breach might also be politically motivated. “Yahoo and other companies have launched programs to detect and notify users when a company strongly suspects that a state-sponsored actor has targeted an account”.
Yahoo is asking affected users to change passwords, and recommending anyone who has not done so since 2014 to take the same action as a precaution.
“It’s not yet clear what the motives were but it’s not to simply leak the credentials and call it a day”, said Michael Borohovski, CEO of Tinfoil Security.
That could happen if users shun Yahoo or file lawsuits because they are incensed by the theft of their personal information.
The “treasure trove of secrets” could be used to defraud or blackmail money from Yahoo users or even steal their identities.
“Yahoo may very well be facing an existential crisis”, Corey Williams, senior director at security firm Centrify told the Associated Press.
Though the data breach obviously spells trouble for those with YahooMail accounts, users with hacked accounts need to keep in mind that the breach goes so much further.
The breach raised speculation about the potential impact on the Internet pioneer’s $4.8 billion deal to be acquired by Verizon Communications Inc.
The Internet responded in stride – as it has to all recent Yahoo-related news – with the regular tide of jokes about Yahoo’s dinosaur status.
Advertisement
“Within the last two days, we were notified of Yahoo’s security incident”, a spokesperson for Verizon said in a statement provided to CNNMoney.
