TechSpot

Yahoo says at least 500 million accounts compromised in 2014 breach

By Shawn Knight
Sep 22, 2016
Post New Reply
  1. Yahoo in early August said it was aware of an alleged security breach involving the login credentials of some 200 million Yahoo accounts but didn’t confirm or deny its authenticity.

    As it turns out, the breach was indeed legitimate and much worse than initially thought.

    Yahoo on Thursday said it has confirmed that certain user account information was stolen from its network in late 2014 by what it believes was a state-sponsored actor. Data that may have been compromised included names, e-mail addresses, phone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and in some cases, encrypted or unencrypted security questions and answers.

    Unprotected passwords weren’t compromised nor were payment cards as the latter weren’t stored on the affected system.

    Whereas initial reports pegged the breach at 200 million accounts, Yahoo is now saying that data was stolen from at least 500 million accounts. Re/code said earlier today that the breach may prompt a government investigation due to its sheer size.

    In addition to working with law enforcement on the matter, Yahoo said it is notifying potentially affected users and taking steps to secure their accounts including invalidating unencrypted security questions & answers and asking users to change their passwords. Those that haven’t changed their passwords since 2014 are also being encouraged to do so.

    It’s unclear why it took nearly a month and a half for Yahoo to publicly confirm the breach although Engadget speculates that it might have something to do with Verizon’s active acquisition of Yahoo.

    Permalink to story.

     
  2. LiveResistance

    LiveResistance TS Booster Posts: 85   +64

    Yahoo just continues to get better and better doesn't it folks? I guess change you password if you use Yahoo. (Or do yourself a favor and find a better service)
     
  3. rodzilla

    rodzilla TS Rookie

    This happened two years ago, and NOW we are being told to change our passwords? Wouldn't any damage already be done, or what was the point of the hack? Just the thrill of doing it?
     
    avoidz, Reehahs and Teko03 like this.
  4. MarkHughes

    MarkHughes TS Booster Posts: 71   +24

    Change my password 2 years after the event? No, I will just delete my account I think.
     
  5. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,624   +378

    Hmmm. I have an old account. I have the password (it's the right password). It wants me to also enter a security question answer I don't remember ever setting on the account to access. I'm locked out. What a cluster...
     
  6. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,519   +2,062

    It's probably happen several times before but this the only one they're owning up to.
     
    avoidz likes this.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...