Yahoo 2014 hack hit 500m users, probe shows
Yahoo said yesterday a massive attack on its network in 2014 accessed data from at least 500 million users and may have been “state sponsored.”
“Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen,” a statement from the US internet giant.
“Yahoo is working closely with law enforcement on this matter.”
The comments were the first confirmation from Yahoo on the huge data breach, and come after a report earlier this year quoting a security researcher saying some 200 million accounts may have been accessed.
Stolen information may have included names, email address, birth dates, and scrambled passwords, along with encrypted or unencrypted security questions and answers that could help hackers break into victims’ other online accounts, according to Yahoo.
The ongoing investigation suggested that looted data did not include unprotected passwords or information associated with payments or bank accounts, the Silicon Valley company said. Yahoo is asking affected users to change passwords, and recommending anyone who hasn’t done so since 2014 take the same action as a precaution.
Users of Yahoo online services were urged to review accounts for suspicious activity and change passwords and security question information.