Yahoo acknowledged that a data breach in late 2014 has affected at least 500 million user accounts and was likely caused by “a state-sponsored actor.” An unidentified individual or group may have stolen names, email addresses, telephone numbers, dates of birth, hashed passwords, and potential security questions and answers. However, Yahoo denies that unprotected passwords, payment card data, or bank account information were stolen.
As a result of this revelation, Yahoo is instructing all “potentially affected users” (basically every user) to change their passwords and “adopt alternative means of account verification.” The company has already invalidated all unencrypted security questions and answers, enhanced its systems to detect and prevent unauthorized access, and has been working with law enforcement to find those responsible.
[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":2061583,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,security,","session":"D"}']Emails have been sent out to those Yahoo believes are affected by this security breach:
Please note that the email from Yahoo about this issue does not ask you to click on any links or contain attachments and does not request your personal information. If an email you receive about this issue prompts you to click on a link, download an attachment, or asks you for information, the email was not sent by Yahoo and may be an attempt to steal your personal information. Avoid clicking on links or downloading attachments from such suspicious emails.
While Yahoo is warning people about this issue, the notice doesn’t state exactly how hackers got into the company’s system. It’s likely that won’t be readily provided, but law enforcement likely knows.
AI Weekly
The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.
Included with VentureBeat Insider and VentureBeat VIP memberships.
Tumblr accounts are isolated from this impact.
In August, a hacker named “Peace” was said to be selling 200 million usernames and passwords from Yahoo’s database. A company spokesperson at the time told The Wall Street Journal that the firm was “aware of the claim and was ‘working to determine the facts.'”
Revealing this security breach comes at a bad time for Yahoo as it tries to keep its $4.8 billion acquisition deal by Verizon on track. That deal hasn’t closed, and there’s some speculation that today’s announcement could have an impact on the final closing price.
For those that are curious, Yahoo’s stock is down 0.67 percent at $43.84 with less than an hour before the market closes.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More