Tuesday, 19 June 2018
Latest news
Main » Yah-oof: 500M+ Yahoo user details stolen in huge hack

Yah-oof: 500M+ Yahoo user details stolen in huge hack

30 September 2016

This attack on Yahoo happened way back in 2014 but was discovered this year by Yahoo after reports of a separate breach in August. By contrast, Google's rival Gmail service saw desktop users rise 9 percent to almost 429 million over the same period.

"The investigation has found no evidence that the state-sponsored actor is now in Yahoo's network", the company said.

The internet giants said that information, including names, email addresses, phone numbers, dates of birth, hashed passwords and encrypted or unencrypted security questions and answers had been stolen.

The lawsuit was filed at a United States federal court in San Jose, California, one day after Yahoo disclosed the hack, by what it believed was a "state-sponsored actor". That challenge just got more daunting after hackers stole sensitive information from at least 500 million accounts. It's mail service accounts for 225 million of those active users, CNET confirmed. The FBI said it was aware of the matter, and the US Secret Service was not immediately available for comment.

The Yahoo theft represents the most accounts ever stolen from a single email provider, according to computer security analyst Avivah Litan with the technology research firm Gartner Inc.

"It's going to be devastating; they're going to be dealing with this for a couple years", Crawford said. The ongoing investigation suggested that looted data did not include unprotected passwords or information associated with payments or bank accounts, the Silicon Valley company said.

Spokespeople with Yahoo! said they've begun sending out notifications to users whom they believe were hacked, as well as users who haven't changed their passwords in a long time. "Certain user account information have been stolen", the company said. Yahoo has notified that they are invalidating existing security questions of its users.

Yahoo advises users to review any suspicious activities, be cautious of any emails or websites asking for personal information and not click on links or download attachments from unknown senders. The lawsuit seeks class-action status and unspecified damages. "We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities", the company said in a statement.