Make us your home page
Instagram

Yahoo says hackers stole data on 500 million users in 2014

Yahoo has confirmed that at least 500 million user account credentials were stolen from the company’s network in late 2014.

Getty Images (2014)

Yahoo has confirmed that at least 500 million user account credentials were stolen from the company’s network in late 2014.

SAN FRANCISCO — Yahoo announced Thursday that the account information for at least 500 million users was stolen by hackers two years ago, in the biggest known intrusion of one company's computer network.

In a statement, Yahoo said user information — including names, email addresses, telephone numbers, birth dates, passwords and, in some cases, security questions — was compromised in 2014 by what it believed was a "state-sponsored actor." It did not name the country involved.

The company said that it is working with law enforcement officials and that it is invalidating existing security questions and asking users to change their passwords. Yahoo also encouraged people to review other online accounts for suspicious activity, change passwords and security questions on those accounts, and watch out for suspicious emails.

Verizon Communications is moving forward with a $4.8 billion acquisition of Yahoo, which was announced in July. It is unclear what effect, if any, the breach will have on Yahoo's sale price.

Yahoo said it learned of the data breach this summer after hackers posted to underground forums and online marketplaces what they claimed was stolen Yahoo data. A Yahoo team investigated the data and was unable to confirm that the stolen data had originated from a breach at Yahoo. But in investigating the security of its systems, the company discovered that there was another breach, by what it believes was a state-sponsored actor, that dated back to 2014.

Security experts say the breach could have major consequences.

"The stolen Yahoo data is critical because it not only leads to a single system but to users' connections to their banks, social media profiles, other financial services and users' friends and family," said Alex Holden, the founder of Hold Security, which has been tracking the flow of stolen Yahoo credentials on the underground Web.

Two years is an unusually long time to identify a hacking incident. According to the Ponemon Institute, which tracks data breaches, the average time it takes organizations to identify such an attack is 191 days, and the average time to contain a breach is 58 days after discovery. Security experts say the breach could bring about class-action lawsuits, in addition to other costs.

Yahoo says hackers stole data on 500 million users in 2014 09/22/16 [Last modified: Thursday, September 22, 2016 9:01pm]
Photo reprints | Article reprints

Copyright: For copyright information, please check with the distributor of this item, New York Times.
    

Join the discussion: Click to view comments, add yours

Loading...
  1. Expanded Belle Parc RV Resort lures travelers with plenty of amenities

    Business

    BROOKSVILLE — Imagine mid-mansion, upscale-enclave living. On wheels. The outcome is Belle Parc, an upwardly mobile, even luxury, RV retreat just north of Brooksville that opened Jan. 1 after two years undergoing expansion, uplift and amenity enrichment.

    A new welcome center is under construction, rear, at Belle Parc RV Resort, where lake sites are being completed, bringing the resort's capacity to 275 spacious park-and-stay slots.
 [Photo by Beth N. Gray]
  2. Memorial Day sales not enough to draw shoppers to Tampa Bay malls

    Retail

    TAMPA — Memorial Day sales at Tampa Bay area malls were not enough to compete with the beach and backyard barbecues this holiday weekend.

    Memorial Day sales weren't enough to draw shoppers to Tampa Bay area malls over the long weekend. 
[JUSTINE GRIFFIN | Times]
  3. Austin software company acquires second Tampa business

    Corporate

    Austin, Tex.-based Asure Software acquired Tampa's Compass HRM Inc. late last week for $6 million. Compass focuses on HR and payroll.

    [Company photo]
  4. Hackers hide cyberattacks in social media posts

    Business

    SAN FRANCISCO — It took only one attempt for Russian hackers to make their way into the computer of a Pentagon official. But the attack didn't come through an email or a file buried within a seemingly innocuous document.

    Jay Kaplan and Mark Kuhr, former NSA employees and co-founders of Synack, a cybersecurity company, in their office in Palo Alto, Calif., in 2013. While last year's hacking of senior Democratic Party officials raised awareness of the damage caused if just a handful of employees click on the wrong emails, few people realize that a message on Twitter or Facebook could give an attacker similar access to their system. 
[New York Times file photo]
  5. Big rents and changing tastes drive dives off St. Pete's 600 block

    Music & Concerts

    ST. PETERSBURG — Kendra Marolf was behind the lobby bar of the State Theatre, pouring vodka sodas for a weeknight crowd packed tight for Bishop Briggs, the latest alternative artist to sell out her club.

    Sam Picciano, 25, left, of Tampa and Molly Cord 24, Palm Harbor shop for record albums for a friend at Daddy Kool Records located on the 600 block of Central Avenue in St. Petersburg, Florida on Saturday, May 20, 2017. OCTAVIO JONES   |   Times