YAHOO has confirmed that a massive data hack took place in 2014, compromising the accounts of 500 million users which includes information such as names, email addresses, telephone numbers, dates of birth, hashed passwords, and even security passwords, both encrypted and unencrypted.
In an official announcement on their Tumblr blog, Yahoo sought to reassure users that the stolen data did not include information on unprotected passwords, payment card data, or bank account information.
Bob Lord, chief information security officer at Yahoo, wrote that the information was likely stolen by a “state-sponsored actor”, who he says is not currently in Yahoo’s network. This means the breach was carried out by an individual hired by a government, reports CNN Money.
Lord said: “An increasingly connected world has come with increasingly sophisticated threats. Industry, government, and users are constantly in the crosshairs of adversaries.
“Through strategic proactive detection initiatives and active response to unauthorized access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure.”
Yahoo will be notifying the affected users, and will issue a password reset as well as request that the users use an alternative account verification method. All unencrypted security questions and answers have been invalidated so they cannot be used to access any of the affected accounts.
Earlier this week, Recode reported that a source familiar with Yahoo said the company would be confirming this week that a data breach has occurred, bigger than the one that took place in August this year.
In August, a hacker under the pseudonym ‘Peace’ reportedly posted the account information of 200 million Yahoo users for sale on the dark web. At the time, Yahoo said they were “aware” of the claim and were carrying out investigations.
This latest confirmation of such a huge data breach does not bode well for CEO Marissa Mayer, who has held the position since 2012. Mayer has been largely slated for not being able to transform the ailing tech company around during her years as CEO, and this news could also affect the US$4.8 billion sale of Yahoo’s core Internet businesses to Verizon.
However, the Business Insider reports that even if Verizon fires Mayer, she still walks away with a comfortable US$44 million-plus severance package, which begs the question: what about everyone else who will have to pick up the mess?
Mayer has not yet issued any statement addressing the matter of the hack. Tech Wire Asia has reached out to Yahoo for a comment and will update this article accordingly.