Yahoo has confirmed that half a billion users may have had their data stolen in what has been described as the ‘biggest data breach in history.’
Yahoo has confirmed that half a billion users may have had their data stolen in what has been described as the ‘biggest data breach in history’.
The company said it believes that the sensitive information – which includes names, email addresses, hashed passwords and phone numbers – was stolen from its network in late 2014 by a ‘state-sponsored actor’.
A statement from Yahoo added that is working closely with law enforcement to investigate the breach while notifying the affected users of how they can secure their accounts.
“We have confirmed, based on a recent investigation, that a copy of certain user account information was stolen from our network in late 2014 by what we believe is a state-sponsored actor,” reads the Silicon Valley company’s statement.
“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.”
As noted by the BBC, the disclosure of the breach comes just two months after Yahoo announced it would sell its core internet business to Verizon for $4.8 billion. The telecoms giant said it had learned of the breach “within the last few days,” adding that it had “limited information.”
In a detailed FAQ on Yahoo’s website, the company advised users on how to find out whether they have been affected and what they can do to protect themselves.
“Yahoo encourages users to review their online accounts for suspicious activity and to change their password and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account,” reads the company’s advice.
Users have also been advised to be cautious of phishing scams looking to capitalise on the attack. The company has notified affected users via email, but, crucially, its communication does not contain links, attachments or request any personal information.