Back in late 2014, Yahoo was on the receiving end of a hacker attack. In August of this year, a hacker was reportedly aiming to sell 200 million usernames, passwords, birhdates and e-mail addresses on the darknet. Today, Yahoo’s Chief Information Security Officer Bob Lord has officially made an announcement regarding this attack, and it is far more severe than anyone has ever imagined.
The announcement that was made earlier today by Lord claims that at least 500 million accounts were compromised during the attack, making it one of the biggest known website breach to occur on a single web property. Perhaps the oddest part out of the announcement is the source of the attack. According to the statement, Yahoo suspects that the attack was carried out by a state-sponsored actor.
As for what has been stolen by this security breach, the account information that was stolen may have included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers. Interestingly, payment card data or bank account information are not among the data stolen during the breach. In the meantime, Yahoo is recommending all of its users to change their account passwords and security questions and answers.
Source: Yahoo, Ars Technica
