Hackers stole data from at least 500 million Yahoo users

Yahoo was hit by one of the biggest data thefts in history after account information of at least 500 million users was stolen in a 2014 hacking incident by a "state-sponsored actor," the pioneering internet company said Thursday.

Information obtained in the hack may have included names, email addresses, telephone numbers, dates of birth, encrypted passwords and possibly security questions and answers, according to a Yahoo statement.

So far there is no evidence of unencrypted passwords or banking and credit card details being stolen, according to Bob Lord, Yahoo's chief information security officer. That information is stored on another system which is apparently not affected, he said.

The company is now notifying potentially affected users, and urging people to promptly change their passwords and account verification methods.

"The investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network," Lord said. "Yahoo is working closely with law enforcement on this matter."

Yahoo didn't say how the hackers broke into the company's network or which country may have sponsored the attacks.

The FBI said it was aware of the breach and is now investigating the matter.

"We take these types of breaches very seriously and will determine how this occurred and who is responsible."

Initial reports about the data theft surfaced in August, as a hacker tried to sell account information of 200 million users for less than 2,000 dollars online. The user, known as "Peace," had also previously tried to sell hacked information from online networks MySpace and LinkedIn.

The combination of usernames and email addresses obtained could lead to so-called phishing attacks using the data.

It's also unknown how many Yahoo profiles can be opened via correct answering of security questions directly.

In July, Yahoo sold its core operating business for 4.8 billion dollars to US broadband communications giant Verizon.

The company issued a short statement to US media Thursday saying it learned of the incident in the last two days but it only had limited information.

"We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities," it said.

It's the second occasion that Yahoo account information has been compromised in recent times. In June 2012 some 450,000 Yahoo usernames and passwords were stolen and published online.

Last update: Fri, 23/09/2016 - 09:37
Author: 

More from Science & Tech

Samsung's quarterly profits more than double despite Note 7 debacle

Samsung's profits for the final quarter of 2016 were more than double the same period in the previous year, the...

China schedules first automated lunar sampling mission for November

China has scheduled the launch of lunar probe Chang'e-5 for November this year, in a mission marking several new...

Samsung: Battery design, manufacturing errors behind Note 7 fires

The design and production of the Samsung Galaxy Note 7's batteries caused the mobile phones to catch fire, the South...

Facebook to build data centre in Denmark

The Danish city of Odense and social media giant Facebook announced on Thursday the city was to host a new European...

Scientists say 2016 was warmest on record, for third consecutive time

Last year was the warmest since recordkeeping began in 1880, US government scientists said Wednesday, making 2016...