Yahoo: More Than 500M User Accounts Impacted In Possibly Biggest Breach To Date
Yahoo confirmed that the large-scale data breach the internet giant was made aware of this summer includes more than 500 million user accounts – a number more than double the 200 million users originally thought to be impacted by previous reports.
The company said Thursday afternoon that "at least 500 million" user accounts have been impacted by the breach. Yahoo believes the hack was carried out by a state-sponsored actor.
According to a report by Business Insider, a breach involving more than 500 million user accounts would qualify the Yahoo hack as the biggest breach of all time. The internet company said it is working closely with authorities.
Yahoo in August said it was aware of a claim that 200 million Yahoo user accounts had been hacked, and that one infamous cybercriminal dubbed "Peace" was selling the stolen user information on the dark web.
The data breach has exposed certain user account information, which could include names, email addresses, telephone numbers, birthdays, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers, Yahoo said in a post on its investor relations page. The company added that it doesn't believe that payment card data and bank account information was among the stolen data.
Yahoo said that the hack on its network occurred in late 2014, and that the state-sponsored hacker is no longer on the network.
News of the hack came one month after telecom giant Verizon announced its intent to acquire Yahoo for $4.83 billion in July.
Some security vendor executives and analysts believe that the hack could have implications for the acquisition, including the potential renegotiation of Yahoo's sale price.
Michael Bremmer, CEO of TelecomQuotes.com, a telecom consultancy based in Moreno Valley, Calif., doesn't believe the large-scale hack will interfere with Verizon's plans to acquire Yahoo, but that the company could potentially use it as leverage to lower the price.
"Verizon needs Yahoo just as much as Yahoo needs Verizon, because Verizon wants to be in the content business and Yahoo did content well," Bremmer said. "The sad part is, we're used to seeing this kind of news [about breaches] come out all the time."
For its part, Verizon publicly commented on Yahoo's security breach on Thursday afternoon, writing that it had been notified of the breach within the past two days.
"We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact. We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities," Verizon said.
TelecomQuotes.com's Bremmer said that the high-profile breach could help bring much-needed attention to security, and could potentially give security products and services sales a boost.
Yahoo is in the process of notifying affected users. The company is encouraging any users that haven't changed their passwords since 2014 to do so now, and to "review their online accounts for suspicious activity."