Yahoo Says Hackers Stole Data on 500 Million Users in 2014

Nicole Perlroth, reporting for the NYT:

Yahoo announced on Thursday that the account information for at least 500 million users was stolen by hackers two years ago, in the biggest known intrusion of one company’s computer network.

In a statement, Yahoo said user information — including names, email addresses, telephone numbers, birth dates, passwords and, in some cases security questions — was compromised in 2014 by what it believed was a “state-sponsored actor.” It did not name the country involved.

The company said that it was working with law enforcement officials and that it was invalidating existing security questions and asking users to change their passwords. Yahoo also encouraged people to review other online accounts for suspicious activity, change passwords and security questions on those accounts, and watch out for suspicious emails.

Verizon, in midst of acquiring Yahoo, only found out about this two days ago. Not a good coda to Marissa Mayer’s tenure, to say the least.

Update: Also, doesn’t “500 million accounts” effectively mean all Yahoo accounts in 2014? How many accounts could there have been that weren’t stolen? They’re saying “500 million” but they really mean “They stole every account”. Right? Update: Here’s a report that claims Yahoo has 1 billion “monthly active users”, but even if true, that doesn’t mean every active user is signed into an account. Even if it’s not all accounts that were stolen, it has to be most.

Thursday, 22 September 2016