Yahoo Says 500 Million Accounts Hacked

Hackers broke into half a billion Yahoo accounts in late 2014, the company acknowledged on Thursday.

Yahoo says it believes a "state-sponsored actor" was behind the massive data breach. "The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers," Yahoo Chief Information Security Officer Bob Lord stated Thursday. "The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected."

advertisement

advertisement

"Bcrypt" refers to a technique for converting passwords into text, according to Ars Technica. The method reportedly makes it difficult for hackers to decrypt the data.

It's not yet clear how news of the data breach will affect Verizon's pending $4.9 billion acquisition of Yahoo.

Verizon says it only learned of the massive hack two days ago. "We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact," Verizon stated Thursday. "We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities."

Yahoo's confirmation of the data breach comes two months after a hacker who goes by the name "Peace" said he was selling information about 200 million Yahoo account holders, including their names, other email addresses, birthdates, and some passwords. Peace said that data was obtained in a 2012 data breach.

1 comment about "Yahoo Says 500 Million Accounts Hacked".
Check to receive email when comments are posted.
  1. Jerry Shereshewsky from GrownUpMarketing, September 22, 2016 at 6:02 p.m.

    These enormous data breaches not only screw regular people, but they create inherent distrust of our amazing ecommerce and e banking systems.  The results are significantly more impactful than holding up a bank or commiting simple armed robbery.  We, as individuals and as an industry, need to press for more significant govermental action and penalties for this kind of behavior.  This is significantly more damaging than selling 1000 pounds of cocaine and should be treated that way.

Next story loading loading..