Amid Yahoo’s sale of its core business to Verizon, the company is news again – and this time it is very serious. The internet giant officially confirmed that data breaches of its users and damage could be bigger than what is estimated.
At least 500 million user accounts was stolen
According to a report by Recode, last summer, hackers were selling account details of nearly 500 million yahoo users online. Some sources stated that hacker had accessed the company’s service, putting several hundred million users’ accounts at risk. Here is the statement published on Yahoo website:
The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network.”
The sources could not verity the extent of the vulnerability, since the government investigations and legal action related to the breach are pending. As Yahoo confirms information like names, email addresses, telephone numbers, dates of birth, hashed passwords and encrypted or unencrypted security questions and answers could be transpired to the hackers.
Earlier last quarter Yahoo announced that it would sell its core business to Verizon for the $4.8 billion – transfer of shares and close of the deal yet pending. And this scale of the liability could be large and could be a pressing issue for the new owners.
Since the announcement of the breach, Yahoo has been taking corrective measures for damage control. The company said it is notifying potentially affected users and has taken steps to secure their accounts, like invalidating unencrypted security questions and answers so that they cannot be used to access an account.
If you are using Yahoo and have not changed your passwords since 2014 the company recommends that potentially affected users change their passwords.