Users who haven’t changed passwords since breach encouraged to do so
Hackers accessed half a billion Yahoo email accounts as far back as two years ago, Yahoo admitted Thursday. (Bebeto Matthews/Associated Press)
A “state-sponsored” hacker managed to steal access to half a billion Yahoo email accounts in 2014, the company admitted Thursday.
The data stolen may have included names, email addresses, telephone numbers, dates of birth and hashed passwords but may not have included unprotected passwords, payment card data or bank account information, the company said.
The size of the breach makes the hack the largest ever recorded in terms of the number of accounts accessed.
Yahoo said it only recently discovered the hack as part of an internal investigation.
“The investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network,” the company said, adding that it is working with law enforcement on the matter.
The tech site Motherboard reported in August that a hacker who uses the name “Peace” boasted that he had account information belonging to 200 million Yahoo users and was trying to sell the data on the web.
In July, Verizon announced it planned to buy Yahoo’s digital operations for $4.8 billion US. It’s not immediately clear if the breach, or the cost of cleaning it up, will affect that deal in any way.
“We understand that Yahoo is conducting an active investigation of this matter, but otherwise we have limited information and understanding of the impact,” Verizon said in a statement.
The Verizon-Yahoo deal isn’t slated to close until early in 2017, leaving Verizon with some time if it possibly wants to back out or push for a lower purchase price.
Yahoo is encouraging Yahoo email users who haven’t changed their passwords since 2014 to do so.