Yahoo acknowledged that a data breach in late 2014 has affected at least 500 million user accounts and was likely caused by “a state-sponsored actor.” An unidentified individual or group may have stolen names, email addresses, telephone numbers, dates of birth, hashed passwords, and potential security questions and answers. However, Yahoo denies that unprotected passwords, payment card data, or bank account information were stolen.
As a result of this revelation, Yahoo is instructing all “potentially affected users” (basically every user) to change their passwords and “adopt alternative means of account verification.” The company has already invalidated all unencrypted security questions and answers, enhanced its systems to detect and prevent unauthorized access, and has been working with law enforcement to find those responsible.
Emails have been sent out to those Yahoo believes are affected by this security breach:
Please note that the email from Yahoo about this issue does not ask you to click on any links or contain attachments and does not request your personal information. If an email you receive about this issue prompts you to click on a link, download an attachment, or asks you for information, the email was not sent by Yahoo and may be an attempt to steal your personal information. Avoid clicking on links or downloading attachments from such suspicious emails.
While Yahoo is warning people about this issue, the notice doesn’t state exactly how hackers got into the company’s system. It’s likely that won’t be readily provided, but law enforcement likely knows.
June 5th: The AI Audit in NYC
Join us next week in NYC to engage with top executive leaders, delving into strategies for auditing AI models to ensure fairness, optimal performance, and ethical compliance across diverse organizations. Secure your attendance for this exclusive invite-only event.
Tumblr accounts are isolated from this impact.
In August, a hacker named “Peace” was said to be selling 200 million usernames and passwords from Yahoo’s database. A company spokesperson at the time told The Wall Street Journal that the firm was “aware of the claim and was ‘working to determine the facts.'”
Revealing this security breach comes at a bad time for Yahoo as it tries to keep its $4.8 billion acquisition deal by Verizon on track. That deal hasn’t closed, and there’s some speculation that today’s announcement could have an impact on the final closing price.
For those that are curious, Yahoo’s stock is down 0.67 percent at $43.84 with less than an hour before the market closes.
