Date: Friday, September 23rd, 2016, 05:51
Category: Hack, Legal, News, security
In the annals of hacks and breaches, this is pretty epic.
Yahoo confirmed on Thursday data “associated with at least 500 million user accounts” have been stolen in what may be one of the largest cybersecurity breaches ever.
The company said it believes a “state-sponsored actor” was behind the data breach, meaning an individual acting on behalf of a government. The breach is said to have occurred in late 2014.
“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said in a statement.
Yahoo urged uses to change both their passwords and security questions as well as review their accounts for signs of suspicious activity. The company stated that sensitive financial data like bank account numbers and credit card data are not believed to be included in the stolen information, according to Yahoo.
The FBI, which is investigating the breach with Yahoo, offered the following statement:
“The FBI is aware of the intrusion and investigating the matter,” an FBI spokesperson said. “We take these types of breaches very seriously and will determine how this occurred and who is responsible. We will continue to work with the private sector and share information so they can safeguard their systems against the actions of persistent cyber criminals.”
The first signs of the breacher are rumored to have surfaced in August when a hacker going by the handle of “Peace”, claimed to be selling data from 200 million Yahoo accounts. The same hacker has previously claimed to sell stolen accounts from LinkedIn (LNKD, Tech30) and MySpace.
Yahoo, in turn, stated that it was “aware of a claim” and later found the situation to be far more severe than originally anticipated.
The breach comes at a time wherein Verizon agreed to buy Yahoo’s core properties as of late July, just days before the hack was first reported. The deal is expected to close in the first quarter of 2017.
Verizon says it only learned of the breach this week.
The breach could create a headache for both companies, including damaging press, scrutiny from regulators and a user exodus, just as they’re working to close the deal and figure out the future of Yahoo.
Via CNN Money