State-Sponsored Hackers Stole Personal Information From 500 Million Yahoo Users

Image: Gizmodo

It turns out the Yahoo hack was much bigger than we expected.

Advertisement

Yahoo just released a statement claiming that state-sponsored actors breached the company’s servers and stole data from half a billion users. The statement reads:

A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

The statement says that the breach did not include “unprotected passwords” or any banking information. Still, if you have a Yahoo account, it’s definitely a good time to change your password and update your security questions. If you’re using the same password or security questions that you used on Yahoo on other sites, it’s a good idea to change those too.

“Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry,” Yahoo said in the statement. “Yahoo and other companies have launched programs to detect and notify users when a company strongly suspects that a state-sponsored actor has targeted an account.”

Advertisement

The size of this hack is simply staggering, and for the culprit to be a state sponsored actor just makes it feel that much more insane. This may end up being one of the biggest publicly known state sponsored attacks on consumer data.

Share This Story

About the author

William Turton

Staff Writer, Gizmodo | Send me tips: william.turton@gizmodo.com

TwitterPosts
PGP Fingerprint: 88DF AB75 FAFC 1D10 4C45 A875 CA45 ABE6 B08D 8E52PGP Key
OTR Fingerprint: 47F02E79 399AB8FA CC2A4DEF 4573B25F 18AB41D2