Thursday September 22, 2016

Yahoo Confirms Massive Data Breach 500M Users Affected

As expected, Yahoo announced today that the massive data breach reported earlier this summer was far worse than expected with some 500 million users affected. Yahoo essentially sat on this information since the breach knowing that user's names, birthdays, email addresses, telephone numbers, hashed passwords and unencrypted security questions and answers were all compromised. frown

We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what we believe is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.