Yahoo confirms 500 million accounts compromised in huge data breach
FNC: Yahoo has confirmed that hackers stole information from at least 500 million user accounts in what it describes as a “state-sponsored” attack.
In a statement released Thursday, Yahoo’s Chief Information Security Officer Bob Lord said that the information was stolen from the company’s network in late 2014. “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” he said.
However, an ongoing investigation into the hack suggests that stolen information did not include unprotected passwords, payment card data, or bank account information, according to Lord. Payment card data and bank account information are not stored in the affected system, he added.
The investigation has found that the attacker is no longer in Yahoo’s network. The internet giant said that it is working with law enforcement.
Yahoo is notifying potentially affected users and asking them to promptly change their passwords.
Early on Friday Recode reported that Yahoo was set to confirm a major data breach of its systems in 2012 that compromised the personal data of 200 million accounts.
****
PYMNTS: Yahoo did announce over the summer that is was investigating a possible data breach wherein hackers claimed to have accessed 200 million Yahoo user accounts that they were selling online.
“It’s as bad as that,” one source told re/code. “Worse, really.”
And a hack that is “bad” on its best description and “worse” than 200 million accounts going up for sale on the dark web may only be the beginning of Yahoo’s troubles this week, since the firm is also in the midst of trying to close a $4.8 billion sale of its core business — which is at the center this hack — to Verizon.
If the scale of liability is large enough, it could be a costly problem for Yahoo’s new owners — and the firm’s shareholders are likely to worry that it could lead to an adjustment in the price of the transaction. As of now the deal is moving forward as it goes through a variety of regulatory clearances. The deal must also pass final muster with Yahoo’s shareholders. Representatives of both firms have recently began meeting to review the Yahoo business and to make sure the transition runs smoothly. We’re sure those meeting will be delightfully fun this week.
If this is the same hack that was reported over the summer, the actor behind the mayhem is an infamous cybercriminal named “Peace.” Peace was, by his own admission, selling credentials of 200 million Yahoo users from 2012 on the dark web for just over $1,800. The data allegedly included user names, easily decrypted passwords, personal information like birth dates and other email addresses. At the time (in August 2016) Yahoo noted being “aware of the claim,” but did not confirm or deny it. However, at the time Yahoo did not issue a password reset recommendation.
If this hack is what it seems to be, it will be a depressing coda on CEO Marissa Mayer’s run at the head of Yahoo. Though brought in to turn the firm around, Mayer was unable to find traction for a reset, refocused Yahoo — which eventually precipitated the sale.
