SAN FRANCISCO — Yahoo announced Thursday that the account information of least 500 million users was stolen by hackers two years ago.
In a statement, Yahoo said user information — including names, email addresses, telephone numbers, birth dates, passwords, and in some cases security questions — was compromised in 2014 by what it believed was a “state-sponsored actor.” It did not name the country involved.
The company said it was working with law enforcement officials. It encouraged users to review their online accounts for suspicious activity and to watch out for suspicious emails.
The announcement comes as Verizon Communications moves forward with its $4.8 billion acquisition of Yahoo. It is unclear what effect the breach, if any, will have on Yahoo’s sale price. That will most likely depend on what Verizon learns about Yahoo’s security controls. But security experts say the incident could have far-reaching consequences for users beyond Yahoo’s services.
“The stolen Yahoo data is critical because it not only leads to a single system but to users’ connections to their banks, social media profiles, other financial services and users’ friends and family,” said Alex Holden, the founder of Hold Security, which has been tracking the flow of stolen Yahoo credentials on the underground web. “This is one of the biggest breaches of people’s privacy and very far reaching.”
Continue reading the main story