Yahoo Says 500 Million Users Affected by Hack

The Hollywood Reporter
Yahoo Says 500 Million Users Affected by Hack

A 2014 hack of Yahoo's network has exposed account information for at least 500 million users, the tech giant announced Thursday morning. 

The internet company, which is in the process of being acquired by Verizon, believes that the hack was conducted by a "state-sponsored actor" and may have included names, email addresses, telephone numbers, birth dates, passwords and security questions and answers. The company's investigation revealed that encrypted information such as credit card and back account numbers were not compromised. 

Yahoo says it is notifying people who may have been affected and asking them to secure their accounts. It is also recommending that users who haven't changed their passwords since 2014 do so. 

A spokesman for Verizon, which in July was named the winner in the auction for Yahoo's internet assets with a bid of $4.8 billion, sent a statement to The Hollywood Reporter that indicates Verizon was notified within the last two days about the hack. "We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact," the statement continues. "We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities. Until then, we are not in position to further comment."

The breach first became public in August, when a hacker who went by the name "Peace" - who was previously associated with hacks at Myspace and LinkedIn - tried to sell the information via online forums. At the time, Yahoo said it would investigate the claims.  

Yahoo said it is working with law enforcement. The company also noted that there is no evidence that the hacker is currently in Yahoo's network. 

"Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry," the company wrote in its message about the breach. Yahoo is encouraging users to monitor their accounts for suspicious activity and avoid clicking on links for downloading attachments from suspicious emails.