Skip to main content

Yahoo expected to confirm hack that exposed data for ‘hundreds of millions’ of users (Update: Yahoo confirms)

Updated: Yahoo confirms.

We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

If the new Yahoo View app tempted you to dust off your Yahoo account to give it a try, you might want to change your password while you’re at it. Re/code reports that the company is expected to confirm that a hack has exposed the account details of ‘several hundred million user accounts.’

The hack was originally claimed last month, when Yahoo merely said that it was ‘aware of the claim.’ The fact that the company did not ask users to reset their passwords suggested that it didn’t take the claim seriously, but it seems it now does. The hack itself apparently dates back to 2012.

An infamous cybercriminal named “Peace” said on a website that he was selling credentials of 200 million Yahoo users from 2012 on the dark web for just over $1,800. The data allegedly included user names, easily decrypted passwords, personal information like birth dates and other email addresses.

The timing couldn’t be worse for Yahoo, at a time when it is negotiating a $4.8B sale of most of its business to Verizon. The piece speculates that confirmation of the data breach, with the potential liabilities involved, could impact the price of the same.

As ever, our recommendation is to use unique, strong passwords for every website and app, and to use two-factor authentication whenever offered. Hopefully it won’t be too much longer before passwords finally die.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications