‘At least’ 500M Yahoo accounts breached
Yahoo has confirmed a data breach “associated with at least 500m user accounts.”
A statement from CISO Bob Lord said a copy of certain user account information was stolen in late 2014 by what Yahoo believes is a state-sponsored actor.
That account information potentially includes names, email addresses, telephone numbers, dates of birth, hashed passwords and encrypted and unencrypted security questions and answers. Yahoo said its investigation suggests the information did not include unprotected passwords, payment card data or bank account information as the latter are “not stored in the system that the investigation has found to be affected."
A breach at Yahoo impacts "at least" 500 million users.
Yahoo also said the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network and Yahoo is working with law enforcement.
In the meantime, Yahoo said it is notifying potentially affected users and asking them to change their passwords and “adopt alternate means of account verification.” It is also asking users who haven’t changed their passwords since 2014 to do so now.
The latest marketing news and insights straight to your inbox.
Get the best of The Drum by choosing from a series of great email briefings, whether that’s daily news, weekly recaps or deep dives into media or creativity.Sign up
In addition, Yahoo said it invalidated unencrypted security questions and answers so they cannot be used to access an account and has requested users consider its authentication tool Yahoo Account Key.
This story is developing.