Data from at least 500 million Yahoo users was “stolen” during an attack in 2014, the internet company has said.
Advertisement
Yahoo has confirmed that a data breach from 2014 hit 500 million users, allowing hackers access to sensitive information, including poorly encrypted passwords.
On the bright side of this bad news, Yahoo announced that unaffected items include unprotected passwords, payment card data, or banking information.
Account passwords were also copied by the hacker, but were hashed in most cases with the bcrypt function, which is considered resistant to brute-force cracking attempts. Yahoo is blaming the hack on a “state-sponsored actor”.
LinkedIn said in May it was investigating whether a breach of more than six million user passwords in 2012 was bigger than originally thought, following a hacker’s attempt to sell what was purported to be login codes for 117 million accounts. The company is in the process of notifying users who were possibly affected.
Yahoo! is also asking users to check their accounts for suspicious activity and consider using its password-free Yahoo Account Key authorization tool.
The comments come after a report earlier this year quoting a security researcher saying some 200 million accounts may have been accessed and that hacked data was being offered for sale online. It said it has “no evidence” that the attacker is still in Yahoo’s network.
Unlike others, Yahoo! doesn’t appear to be offering any kind of credit monitoring service for affected customers, but helpfully includes a link for users to check their own credit records.
State-sponsored hackers often don’t have the same motives.
Peace was selling that data for just 3 bitcoin, or around $1,860, according to Motherboard.
Williams said the incident was “less of a story about. passwords being exposed and more about how lax security and poor handling of incidents can impact the very existence of a company”.
The reason behind the delay in announcement is believed to be the former internet giant’s deal with Verizon, which agreed to buy its operating business on in July this year for $4.83 billion. “Yahoo is working closely with law enforcement on this matter”, he stated.
Advertisement
“Additional information will be available on the Yahoo Security Issue FAQs page, beginning at 11:30 am Pacific Daylight Time (PDT) on September 22, 2016”.
