NEW YORK (WDTN) — Yahoo confirms huge data breach affecting 500 million accounts.
Yahoo said Thursday data “associated with at least 500 million user accounts” was stolen in what could be one of the largest cybersecurity breaches ever, CNN reports.
“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said in a statement.
The statement from Yahoo says the ongoing investigation suggests that the stolen data did not include unprotected passwords, payment card data, or bank account information.
Yahoo said Thursday they believe this to be the work of a “state-sponsored actor,” but do not believe whoever did this is still inside Yahoo’s network.
Yahoo says they are working closely with law enforcement and said they are taking steps to protect their users including:
- We are notifying potentially affected users. The content of the email Yahoo is sending to those users will be available at https://yahoo.com/security-notice-content beginning at 11:30 am (PDT).
- We are asking potentially affected users to promptly change their passwords and adopt alternate means of account verification.
- We invalidated unencrypted security questions and answers so they cannot be used to access an account.
- We are recommending that all users who haven’t changed their passwords since 2014 do so.
- We continue to enhance our systems that detect and prevent unauthorized access to user accounts.
- We are working closely with law enforcement on this matter.