NEW YORK – Sept. 23, 2016 – Information from at least 500 million Yahoo accounts was stolen from the company in 2014, the company said Thursday, indicating it believes a state-sponsored actor was behind the hack.
The theft may have included names, email addresses, telephone numbers, dates of birth, and in some cases, encrypted or unencrypted security questions and answers, Yahoo said.
The FBI said it was aware of the intrusion and is investigating the matter but did not give any information about whether it had specific insight into who might have been behind the attack.
"We take these types of breaches very seriously and will determine how this occurred and who is responsible," the agency said in an emailed statement Thursday.
Claims surfaced in early August that a hacker using the name "Peace" was trying to sell personal information of Yahoo account users on the dark web – a black market of thousands of secret websites.
Yahoo, which says about 1 billion people globally engage with one of its properties each month, said it was notifying potentially affected users and taking steps to secure their accounts, such as invalidating unencrypted security questions and answers. Users who haven't changed their passwords since 2014 should do so, it said.
Yahoo owns the photo sharing site Flickr and the blogging site Tumblr. No Tumblr accounts were affected. Some Flickr accounts might have been, because in some cases, users' Flickr and Yahoo IDs are linked. Yahoo is reaching out to those users.
Yahoo is working to complete a $4.8 billion sale of its core Internet business to media giant Verizon Communications, which said it was notified of the Yahoo breach "within the last two days."
"We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact," Verizon said.
Given the unsettled nature of Yahoo's ownership, "regulators should be concerned with who will take responsibility for the response to this compromise. It can be easy for the 'right thing to do' to slip through the cracks in a multibillion-dollar transition," said Tim Erlin, senior director of IT security and risk strategy at Tripwire, a computer security firm.
The breach doesn't threaten Verizon's acquisition of Yahoo, says Robert Peck, Internet equity analyst with SunTrust Robinson Humphreys, but the investigation will probably lead to findings that perhaps 5 percent of users have left Yahoo, and that could yield a lower price for Verizon.
Since the security breach is so massive, users' Internet accounts beyond Yahoo could be affected.
As is typical with these large hacks, experts recommend account holders change passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account.
In addition, people should avoid clicking on links or downloading attachments from suspicious emails that claim to be updates from Yahoo about the breach.
Hackers often use news of big breaches to conduct "phishing" campaigns.
We are a full service real estate brokerage with over 100 agents to serve you. Let us be your real estate resource. Regardless whether you need to buy or sell now, or sometime in the future, let us help you. We are no pressure and will always try and help. Contact us at 561-792-3948 now.
"Among the real estate brokers that 1've worked with, Mrs. Margarita Zhemukhova is the only one that 1 felt comfortable and gave me an ease of mind to work with. She is responsible , conscientious , hard working and reliable agent. I would recommend her to all my families and my friends for real estate"