Yahoo confirms data breach of 500 million user accounts

Yahoo! Inc. has recently released a statement confirming a massive data breach in the company’s network which has affected at least 500 million user accounts.

According to the statement, Yahoo “confirmed that a copy of certain user account information was stolen from the company’s network in late 2014.” The account information may have included “names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” but “did not include unprotected passwords, payment card data, or bank account information.”

The company claims that a “state-sponsored actor”, meaning an individual supported by a government, was behind the attack. Yahoo’s investigation is still ongoing and is working closely with law enforcement.

In the meantime, Yahoo is notifying potentially affected users and has taken steps to secure their accounts which includes invalidating unencrypted security questions and answers so that they cannot be used to access an account. The company also recommends potentially affected users to change their passwords especially those who haven’t done so since 2014.

source: Yahoo
via: The Next Web