Yahoo has publicly acknowledged that the account information of at least 500 million users was stolen by hackers in 2014, in the biggest known cyber breach of one company’s computer network. The Internet company is blaming “state-sponsored actors” for the theft that includes names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions.
Yahoo also said that the company believes that the hackers are no longer in its corporate network and it didn't believe that unprotected passwords, payment card data or bank account information had been affected.
The hack of Yahoo, still one of the internet’s busiest sites with one billion monthly users, also has far-reaching implications for both consumers and one of America’s largest companies, Verizon Communications, which is in the process of acquiring Yahoo for $4.8 billion.
In July, Yahoo began investigating claims by hackers who were offering to sell what they said were 280 million Yahoo usernames and passwords. Yahoo said it concluded the information for sale wasn't legitimate, but the company decided to broaden its probe, eventually determining that it had been breached by “a state-sponsored actor.”
As a result of this revelation, Yahoo is instructing all “potentially affected users” (basically every user) to change their passwords and “adopt alternative means of account verification.” The company has already invalidated all unencrypted security questions and answers enhanced its systems to detect and prevent unauthorized access and has been working with law enforcement to find those responsible.
Though Yahoo didn’t say how the hackers broke into its network or which country sponsored the attacks, the news doesn’t bode well for its Verizon deal. That deal hasn’t closed, and there’s some speculation that today’s announcement could have an impact on the final closing price.