Information from at least 500 million Yahoo user accounts has been stolen in a data breach that occurred in late 2014. The internet pioneer confirmed the breach in a statement today and is pointing the finger at a “state-sponsored actor.”

It’s a statement no company ever wants to make, especially when the sale of your core business is pending. In July Verizon agreed to buy Yahoo’s properties for US$4.83 billion and the deal is expected to close in early 2017.

“A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” the statement reads.

Account information such as names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers could have been compromised. Yahoo said financial information, such as payment card data, or bank account information was not stolen.

“The investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter,” the company said.

Recode, which first reported the breach, is says sources at Verizon said they were largely unaware of the severity of the attack and “other bidders contacted also said Yahoo execs did not outline the seriousness of the situation in their acquisition meetings.”

Yahoo is notifying potentially affected users and recommends users who haven’t changed their passwords since 2014 do so.

Infographic: Confirmed Yahoo Hack Could Be the Largest Ever | Statista
You will find more statistics at Statista



Previous post

Ad Tech firm The Trade Desk makes strong NASDAQ debut

Next post

Yes, CMOs Will Likely Spend More on Technology than CIOs by 2017