Yahoo has confirmed that information associated with at least 500 million user accounts was stolen from the company’s network in late 2014 — and it believes a ‘state-sponsored actor’ is responsible.
Yahoo notifies users of massive data breach
Yahoo is notifying potentially affected users via email about the matter and taking steps to secure their accounts. Here is an excerpt from the company’s Security Issue FAQs page about what information was stolen:
The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.
Potentially affected users should promptly change their passwords, and all users who haven’t changed their passwords since 2014 are being asked to do so.
Here are the safety recommendations that users are encouraged to follow:
- Change your password and security questions and answers for any other accounts on which you use the same or similar credentials as the ones used for your Yahoo Account.
- Review your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.
Based on the recent investigation, the company says there’s no evidence that the state-sponsored actor is currently in Yahoo’s network. The investigation is ongoing at this time.
For more information, visit Yahoo’s Security Issue FAQs page.