State-Sponsored Hacker Behind 2014 Stealing of Customer Data
Yahoo! Inc. (NASDAQ:YHOO) has reported a massive data breach in its system that occurred in late 2014, in which hackers got access to 500-million user accounts, stealing their e-mail addresses, telephone numbers, dates of birth, and hashed passwords.
The data breach, which was sponsored by “state-sponsored actors,” did not include unprotected passwords, payment card data, or bank account information, the company said in a statement on its web site. (Source: “An Important Message to Yahoo Users on Security,” Yahoo! Inc., September 22, 2016.)
“Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network,’’ the statement reads, adding that, “Yahoo is working closely with law enforcement on this matter.” (Source:Ibid.)
Yahoo stock was trading down less than a half-percent lower in New York during late afternoon trading, suggesting that investors didn’t take the news too negatively.
Yahoo said it was in the process of notifying affected account holders and advised its users to review their online accounts for suspicious activity and to change their password and security questions and answers for any other accounts on which they use similar information as their Yahoo! account.
Verizon Communications Inc. (NYSE:VZ), the future owner of Yahoo’s web assets, said that Yahoo had notified the company on this data breach, but that it has a “limited information and understanding of the impact,” according to the company statement. It also said that they, ““will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities.”
Verizon bought Yahoo for $4.8 billion in July, hoping to benefit from the company’s over one billion monthly active users, which includes 600 million active mobile users.