Yahoo Confirms 500m Accounts Hacked By A Foreign Gov’t

In what is believed to be the biggest digital data breach at an email provider, Yahoo Inc. announced on Thursday, that the account information of at least 500 million users was stolen by hackers in 2014.

In a statement, the company did not reveal who was behind the hack, but blamed it on a “state-sponsored actor” – parlance for a hacker working on behalf of a foreign government.

Yahoo said user information – including names, email addresses, telephone numbers, birth dates, passwords, and in some cases security questions – was compromised.

Advertisement

The Sunnyvale, California, company declined to explain how it reached its conclusions about the attack for security reasons, but said it is working with the FBI and other law enforcement. It encouraged users to review their online accounts for suspicious activity and to watch out for suspicious emails.

Yahoo began investigating a possible breach in July, around the time the tech site Motherboard reported that a hacker who uses the name “Peace” was trying to sell account information belonging to 200 million Yahoo users.

Yahoo didn’t find evidence of that reported hack, but additional digging later uncovered a far larger, allegedly state-sponsored attack.

“We take these types of breaches very seriously and will determine how this occurred and who is responsible,” the FBI said in a Thursday statement.

Advertisement

The announcement comes as Verizon Communications moves forward with its $4.8 billion acquisition of Yahoo. It is unclear what effect the breach, if any, will have on Yahoo’s sale price.

However, Analyst Robert Peck of SunTrust Robinson Humphrey said the breach probably was not enough to prompt Verizon to abandon its deal with Yahoo, but it could call for a price decrease of $100 million to $200 million, depending on how many users leave Yahoo.

It is unclear what steps, if any, Yahoo has taken since learning about the alleged compromise.

Yahoo also is recommending that all users change their passwords if they haven’t done so since 2014. If the same password is used to access other sites, it should be changed too, along with any security questions similar to those used on Yahoo.

Leave a comment

Advertisement