Is our information safe after Yahoo data breach?
Yahoo just confirmed on Thursday that data "associated with at least 500 million user accounts" have been stolen in what may be one of the largest cybersecurity breaches ever.
The company said it believes a "state-sponsored actor", perhaps Russia or China, was behind the data breach, meaning an individual acting on behalf of a government.
The breach is said to have occurred in late 2014.
"The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers," Yahoo said in a statement.
Yahoo urges users to change their password and security questions and to review their accounts for suspicious activity.
The biggest relief for users is that sensitive financial data like bank account numbers and credit card data are not believed to be included in the stolen information, according to Yahoo.
Yahoo is working with law enforcement to learn more about the breach.
"The FBI is aware of the intrusion and investigating the matter," an FBI spokesperson said. "We take these types of breaches very seriously and will determine how this occurred and who is responsible. We will continue to work with the private sector and share information so they can safeguard their systems against the actions of persistent cyber criminals."
Yahoo originally said it was "aware of a claim" and was investigating the situation. Nearly two months later, it turns out the situation is even worse.
U.S. Sen. Richard Blumenthal called for tougher legislation to "make sure companies are properly and promptly notifying consumers when their data has been compromised."
"If Yahoo knew about the hack as early as August, and failed to coordinate with law enforcement, taking this long to confirm the breach is a blatant betrayal of their users' trust," he said in a statement.
The data breach comes at a sensitive time for Yahoo. Verizon (VZ, Tech30) agreed to buy Yahoo's core properties for $4.83 billion in late July, just days before the hack was first reported. The deal is expected to close in the first quarter of 2017. Verizon says it only learned of the breach this week.
We understand Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact."
The mega-breach could create a headache for both companies, including damaging press, scrutiny from regulators and a user exodus, just as they're working to close the deal and figure out the future of Yahoo.
