Yahoo has confirmed that hackers accessed the details of 500 million users in 2014 in what is possibly the largest ever data hack. The stolen data includes telephone numbers, email addresses and encrypted passwords.
The company, which was agreed to be acquired by telecommunications company Verizon in July of this year for £3.7 billion, has issued the following statement: “A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014.
“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and in some cases, encrypted or unencrypted security questions and answers.
“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.
“Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen.”
The source of the attack is currently unknown but Yahoo described it as ‘state-sponsored’. Reports have suggested that the likely culprits could be China, Russia or North Korea, but the company has refused to comment on the validity of this. Yahoo is encouraging its users to change the passwords of their accounts immediately.
Also just as curious is why this news is only emerging now, two years after the breach. News broke last month of a hacker who was attempting to sell Yahoo accounts online, but there is little to suggest that the two are connected.
Reacting to the news, Ryan Wilk, vice president at NuData Security, said: “While it’s good practice to change your usernames and passwords often and make them complex, it’s just not enough on its own. Data breaches continue to build upon each other. With each breach adding additional intelligence to achieving the goal of complete profiles of identities for a large segment of our population up for sale on the dark web.
“Access to this data, in particular, can allow the bad actors to reset passwords on banking and e-tailer sites linked to Yahoo accounts, or use the data to apply for a new credit card, or even more frighteningly, gain access to your work credentials, where the damage could be colossal.”