Yahoo has disclosed a “state-sponsored” hacker broke into its system in late 2014, compromising the account information of at least 500 million users in the largest data breach ever of a single company’s network.
The account information may have included names, email addresses, telephone numbers, dates of birth, scrambled passwords, and some encrypted and unencrypted security questions and answers. Yahoo said in a statement that the hacker did not steal unprotected passwords or credit card and bank account information but The New York Times said the hack has “far-reaching implications” for consumers.
“The stolen Yahoo data is critical because it not only leads to a single system but to users’ connections to their banks, social media profiles, other financial services and users’ friends and family,” Alex Holden, the founder of Hold Security, told the Times.
The breach far surpasses that of Target in 2013, which affected more than 100 million customers, and another at eBay in 2014 that affected its 148 million customers.
“A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” Yahoo said.
The technology firm did not clarify why it took nearly two years to discover the hack. News of a possible major attack on Yahoo emerged in August when a hacker known as “Peace of Mind” was apparently attempting to sell information on 200 million Yahoo accounts.
“After looking into that data, Yahoo did not find evidence that the stolen credentials came from its own systems,” the Times reported. “But it did find evidence of a far more serious breach of its systems two years earlier.”
The hack may also have an impact on Verizon’s pending $4.8 billion takeover of Yahoo, according to Scott Vernick, an attorney specializing in data security for the law firm Fox Rothschild.
“This is going to slow things down,” he told the Los Angeles Times. “There is going to be a lot of blood, sweat and tears shed on this.”