Make us your home page
Instagram

Yahoo says hackers stole data on 500 million users in 2014

Yahoo has confirmed that at least 500 million user account credentials were stolen from the company’s network in late 2014.

Getty Images (2014)

Yahoo has confirmed that at least 500 million user account credentials were stolen from the company’s network in late 2014.

SAN FRANCISCO — Yahoo announced Thursday that the account information for at least 500 million users was stolen by hackers two years ago, in the biggest known intrusion of one company's computer network.

In a statement, Yahoo said user information — including names, email addresses, telephone numbers, birth dates, passwords and, in some cases, security questions — was compromised in 2014 by what it believed was a "state-sponsored actor." It did not name the country involved.

The company said that it is working with law enforcement officials and that it is invalidating existing security questions and asking users to change their passwords. Yahoo also encouraged people to review other online accounts for suspicious activity, change passwords and security questions on those accounts, and watch out for suspicious emails.

Verizon Communications is moving forward with a $4.8 billion acquisition of Yahoo, which was announced in July. It is unclear what effect, if any, the breach will have on Yahoo's sale price.

Yahoo said it learned of the data breach this summer after hackers posted to underground forums and online marketplaces what they claimed was stolen Yahoo data. A Yahoo team investigated the data and was unable to confirm that the stolen data had originated from a breach at Yahoo. But in investigating the security of its systems, the company discovered that there was another breach, by what it believes was a state-sponsored actor, that dated back to 2014.

Security experts say the breach could have major consequences.

"The stolen Yahoo data is critical because it not only leads to a single system but to users' connections to their banks, social media profiles, other financial services and users' friends and family," said Alex Holden, the founder of Hold Security, which has been tracking the flow of stolen Yahoo credentials on the underground Web.

Two years is an unusually long time to identify a hacking incident. According to the Ponemon Institute, which tracks data breaches, the average time it takes organizations to identify such an attack is 191 days, and the average time to contain a breach is 58 days after discovery. Security experts say the breach could bring about class-action lawsuits, in addition to other costs.

Yahoo says hackers stole data on 500 million users in 2014 09/22/16 [Last modified: Thursday, September 22, 2016 9:01pm]
Photo reprints | Article reprints

Copyright: For copyright information, please check with the distributor of this item, New York Times.
    

Join the discussion: Click to view comments, add yours

Loading...
  1. No toll lanes north of downtown Tampa in three of four interstate proposals

    Transportation

    TAMPA — Express lanes may not be coming to downtown Tampa after all. Or at least not to the stretch of Interstate 275 that goes north through Bearss Avenue.

    Seminole Heights resident Kimberly Overman discusses the new interstate options with V.M. Ybor resident Chris Vela (left), Hillsborough County Commissioner Pat Kemp and HNTB consultant Chloe Coney during a Tampa Bay Express meeting Monday night at the Barrymore Hotel. [CAITLIN JOHNSTON  |  Times]
  2. Pinellas grants St. Pete's request to add millions to pier budget

    Local Government

    Times Staff Writer

    The Pinellas County Commission has granted St. Petersburg Mayor Rick Kriseman's request to dedicate millions more toward the city's new pier.

    The St. Petersburg City Council on Thursday  voted 7-1 to appropriate $17.6 million for the over-water portion of the Pier District. This is a rendering of what the new Pier District could look like. [Courtesy of St. Petersburg]
  3. Pinellas licensing board loses support for staying independent

    Local Government

    CLEARWATER –– The Pinellas County Construction Licensing Board on Monday lost its strongest supporter for staying independent.

    State Sen. Jack Latvala, a Clearwater Republican running for governor, said Monday that he will no longer support any legislation to keep the Pinellas County Construction Licensing Board independent. This photo was taken in August. [SCOTT KEELER | Tampa Bay Times]
  4. Triad Retail Media names Sherry Smith as CEO

    Corporate

    ST. PETERSBURG — Triad Retail Media, a St. Petersburg-based digital ads company, said CEO Roger Berdusco is "leaving the company to pursue new opportunities" and a member of the executive team, Sherry Smith, is taking over.

    Sherry Smith is taking over as CEO at Triad Retail Media, the company announced Monday. | [Courtesy of Triad Retail Media]
  5. Two new condo projects for same street in downtown St. Pete

    Real Estate

    ST. PETERSBURG — It lacks the panache and name recognition of Beach Drive, but 4th Avenue N in downtown St. Petersburg is becoming a condo row in its own right.

    Bezu, a condo project planned at 100 Fourth Ave. NE in downtown St. Petersburg, will have 24 units including a three-level penthouse with infinity pool.
[Courtesy of Clear ph Design]