Data from at least 500 million Yahoo users was "stolen" during an attack in 2014, the internet company has said.
It said the hack may have been "state-sponsored" but "the investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network".
Yahoo said it was working "closely with law enforcement" over the breach.
The stolen data may have included names, email addresses, phone numbers, dates of birth, hashed passwords and, in some cases, security questions and answers.
It did not include unprotected passwords, payment card data or bank account information, the company said.
Alex Holden, founder of Hold Security, which has been tracking the flow of stolen Yahoo credentials on the underground web, told the New York Times the attack was "one of the biggest breaches of people's privacy and very far reaching".
"The stolen Yahoo data is critical because it not only leads to a single system but to users' connections to their banks, social media profiles, other financial services and users' friends and family," Mr Holden added.
Previously, the biggest breach was thought to have been the MySpace hack, which was revealed earlier this year and affected 360 million users.
Users who might be affected by the Yahoo attack will be notified, asked to change their passwords and to use other ways of verifying their account.
The company says the breach happened late in 2014 but was only recently found as part of an internal investigation.
It is not clear how the news will affect Yahoo's plans to sell its email service and other core internet properties to Verizon Communications.
The $4.8bn (£3.7bn) deal was announced in July but Verizon has said it was only told of the data breach in the last two days.
In a statement, Verizon said: "We will evaluate as the investigation continuesthrough the lens of overall Verizon interests ... Until then, we are not in position to further comment."
The deal is expected to close in the first quarter of next year, which may give them some room to renegotiate the purchase price or even to walk away.
No comments:
Post a Comment