Yahoo confirms data breach affecting at least 500 million users
PUBLISHED Thu, September 22, 2016 - 3:31pm EDT
Suspected state-sponsored hackers breached Yahoo's network in late 2014, stealing data associated with at least half a billion user accounts, the company confirmed on Thursday, making it the largest data breach ever reported. (more)
Yahoo said data stolen may include names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, both encrypted and unencrypted security questions and answers. Users who may have been affected will be notified, the company said.
Specific details about the cyber attack were not immediately disclosed, but a statement from the company noted that it believes a "state-sponsored actor" was responsible. It did not indicate which country it believes may have been involved.
Although Yahoo emphasized that unprotected passwords, payment card data or bank account information was not stolen, so-called "hashed passwords" are still vulnerable if a user used common passwords or words and phrases that are found in dictionaries.
"Yahoo is notifying potentially affected users and has taken steps to secure their accounts," Yahoo said in its statement. "These steps include invalidating unencrypted security questions and answers so that they cannot be used to access an account and asking potentially affected users to change their passwords."
In addition, any users who have not changed their passwords since 2014 are being urged to change their passwords.
Word of the hack first emerged in August when someone named "Peace" claimed to be selling credentials to 200 million Yahoo user accounts, though "Peace" claimed that they dated back to 2012. Yahoo said at the time that it was investigating the claim, but it did not confirm the hack until Thursday.
A 40-year-old man accused of leading a network of scammers to steal more than $60 million from hundreds of people and businesses around the world has been arrested in southern Nigeria, officials say. A second suspect has also been arrested. (more) Read More
Britain's Daily Mail is in talks with potential partners to mount a joint bid for Yahoo's internet assets, eyeing a plan to buy the troubled U.S. Internet pioneer to help boost advertising revenues from the Mail's globally popular online news site. Grace Pascoe reports.
WikiLeaks has released six documents that were reportedly stolen from a private email account belonging to CIA Director John Brennan, and promising additional releases in the coming days. (more) Read More