Make us your home page
Instagram

Yahoo says hackers stole data on 500 million users in 2014

Yahoo has confirmed that at least 500 million user account credentials were stolen from the company’s network in late 2014.

Getty Images (2014)

Yahoo has confirmed that at least 500 million user account credentials were stolen from the company’s network in late 2014.

SAN FRANCISCO — Yahoo announced Thursday that the account information for at least 500 million users was stolen by hackers two years ago, in the biggest known intrusion of one company's computer network.

In a statement, Yahoo said user information — including names, email addresses, telephone numbers, birth dates, passwords and, in some cases, security questions — was compromised in 2014 by what it believed was a "state-sponsored actor." It did not name the country involved.

The company said that it is working with law enforcement officials and that it is invalidating existing security questions and asking users to change their passwords. Yahoo also encouraged people to review other online accounts for suspicious activity, change passwords and security questions on those accounts, and watch out for suspicious emails.

Verizon Communications is moving forward with a $4.8 billion acquisition of Yahoo, which was announced in July. It is unclear what effect, if any, the breach will have on Yahoo's sale price.

Yahoo said it learned of the data breach this summer after hackers posted to underground forums and online marketplaces what they claimed was stolen Yahoo data. A Yahoo team investigated the data and was unable to confirm that the stolen data had originated from a breach at Yahoo. But in investigating the security of its systems, the company discovered that there was another breach, by what it believes was a state-sponsored actor, that dated back to 2014.

Security experts say the breach could have major consequences.

"The stolen Yahoo data is critical because it not only leads to a single system but to users' connections to their banks, social media profiles, other financial services and users' friends and family," said Alex Holden, the founder of Hold Security, which has been tracking the flow of stolen Yahoo credentials on the underground Web.

Two years is an unusually long time to identify a hacking incident. According to the Ponemon Institute, which tracks data breaches, the average time it takes organizations to identify such an attack is 191 days, and the average time to contain a breach is 58 days after discovery. Security experts say the breach could bring about class-action lawsuits, in addition to other costs.

Yahoo says hackers stole data on 500 million users in 2014 09/22/16 [Last modified: Thursday, September 22, 2016 9:01pm]
Photo reprints | Article reprints

Copyright: For copyright information, please check with the distributor of this item, New York Times.
    

Join the discussion: Click to view comments, add yours

Loading...
  1. The real estate pros in charge of Tampa's $3 billion makeover are younger than you think

    Working Life

    TAMPA — Brooke May, a 36-year-old senior construction project manager, knew she wanted to work for Strategic Property Partners the minute she met some team members involved with the group's massive downtown Tampa makeover.

    Matt Davis, Vice President of Development posed for a portrait in the Strategic Property Partners office in Channelside on July 12, 2017, in Tampa, Fla. [MONICA HERNDON   |   Times]
  2. St. Pete Beach may loosen beach drinking rules for hotel guests

    Local Government

    ST. PETE BEACH — Drinking a beer, a cocktail or a glass of wine may soon be legal on this city's beaches, but only for hotel guests in and around their hotel's beachfront cabanas.

    Registered hotel guests would be able to drink alcoholic beverages at their cabanas on the beach under a new rule the St. Pete Beach City Commission is considering.  

  3. PunditFact: George Will's comparison of tax preparers, firefighters based on outdated data

    Business

    The statement

    "America has more people employed as tax preparers (1.2 million) than as police and firefighters."

    George Will, July 12 in a column

    The ruling

    WASHINGTON - JANUARY 08: Conservative newspaper columnist George Will poses on the red carpet upon arrival at a salute to FOX News Channel's Brit Hume on January 8, 2009 in Washington, DC. Hume was honored for his 35 years in journalism. (Photo by Brendan Hoffman/Getty Images)
  4. Appointments at Shutts & Bowen and Tech Data highlight this week's Tampa Bay business Movers & Shakers

    Business

    Legal

    Retired U.S. Navy Commander Scott G. Johnson has joined Shutts & Bowen LLP in its Tampa office as a senior attorney in the firm's Government Contracts and Corporate Law Practice Groups. Johnson brings 15 years of legal experience and 24 years of naval service to his position. At Shutts, Scott will …

    United States Navy Commander (Retired) Scott G. Johnson joins Shutts & Bowen LLP in its Tampa office. [Company handout]
  5. Macy's chairman replaces ex-HSN head Grossman on National Retail Federation board

    Retail

    Terry Lundgren, chairman of Macy's Inc., will replace Weight Watchers CEO Mindy Grossman as chair of the National Retail Federation, the organization announced Wednesday. Grossman stepped down from her position following her move from leading St. Petersburg-based HSN to Weight Watchers.

    Weight Watchers CEO and former HSN chief Mindy Grossman is being replaced as chair of the National Retail Federation. [HSN Inc.]