The firm said the stolen information did not include unprotected passwords, payment card data, or bank account information.
Advertisement
Affected users are being notified, accounts are being secured, and there’s no evidence the attacker is still in the network, Yahoo also said.
“The attack came from what is believed to be a State-sponsored actor”. The breach is being investigated by the Federal Bureau of Investigation, with Yahoo claiming a “state-sponsored actor” is to blame for the attack.
News of the security lapse, which dates back to late 2014, could cause some people to have second thoughts about relying on Yahoo services, and raise questions about the checks and balances within the company. Yahoo is advising users to change their passwords if they haven’t done so since 2014.
If the hacking prompts customers to leave Yahoo, the company may see its value erode. Insider sources claimed that the company would make the announcement this week.
According to Yahoo, the hack compromised account information like name, address, birthday, possibly even some unencrypted security questions and answers.
Yahoo! Inc. (NASDAQ: YHOO ) has has confirmed a Yahoo data breach that resulted in user information being stolen.
The company’s investigation thus far has pointed to a nation sponsor as responsible for the heist that occurred late in 2014 and had gone undetected until last month, said Bob Lord, Yahoo’s CISO, in a blog post. USA Today reports that some accounts are affected, since many Flickr and Yahoo accounts are linked. Verizon agreed to buy the Yahoo’s core properties for $4.83 billion in July, and it’s unclear how the security breach will impact the sale. At least that’s what Yahoo is claiming.
“If the investigation determines that this extremely sensitive information were stored unencrypted, then serious questions need to be answered as this lack of security will highlight serious failings by Yahoo in its responsibility to protect customers”.
Security experts say it’s not uncommon for there to be a significant delay between a breach and its disclosure.
Advertisement
“This is the biggest data breach ever,” said well-known cryptologist Bruce Schneier. “Users should also reset passwords for other accounts that share the same password as their Yahoo account and consider using a password manager”, said David Gibson, vice president of strategy and market development at Varonis. Be sure to change them for any other accounts on which you used the same or similar information used for your Yahoo account (but remember, you really shouldn’t be reusing passwords).
