Breaking: Yahoo Admits to Data Breach of 500 Million(!) User Accounts

Yahoo has revealed that information related to at least 500 million user accounts was stolen from its network in a 2014 incident. The perpetrator, the company believes, was a state-sponsored hacker.

In a significant announcement, Yahoo has revealed that the information of some 500 million user accounts was stolen in a 2014 data breach, contrary to earlier indications that the breach impacted 200 million user accounts in a 2012 cyberattack.

The stolen account information includes:

  • Names
  • Email addresses
  • Telephone numbers
  • Dates of birth
  • Hashed passwords (a significant majority of which are bcrypt hashes)
  • Encrypted or unencrypted security questions and answers

A press release confirmed the number of affected accounts: a staggering figure of over half a billion user accounts.

Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network.

Yahoo has further stated that it is notifying users who were potentially affected by the breach, with details on how to secure their accounts. Recommendations include changing account passwords and the security questions and answers on any other online user account, if they’re the same as those of the impacted Yahoo account.

If you haven’t changed your Yahoo passwords already after rumblings of a possible breach, details of which surfaced last month, you should now.

John Peterson, vice president and general manager of security firm Comodo Enterprises, states that a good password habit can prove critical to an individual’s online security.

“End users can help protect themselves by staying on top of their own password hygiene. They should use strong passwords – a combination of uppercase, lowercase and special characters – and make them longer than they’d like them to be,” he said in an email to Hacked. “Also, everyone should be aware of what’s going on. If an organization that you interact with reports a breach, don’t wait to update your password. Do it immediately.”

No details have been revealed about the state-sponsored hacker accused by Yahoo of being behind the breach.

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.