Yahoo has admitted that a cyber-attack that took place in 2014 stole data from around 500 million user accounts, 300 million more than it originally admitted to in August.
The disclosure sets a new record for what may be the largest publicly disclosed hack in history.
Information accessed and stolen in the 2-year-old security breach included emails, names, and “unencrypted security questions and answers”. However, no credit card data was stolen, an official response from Yahoo said. Yahoo has said that it believes the breach to have been ‘state sponsored,’ which seems somewhat incongruent with available media reports at the time of writing. The FBI has, however, confirmed it is investigating the attack.
Yahoo was sold to US giant Verizon for $4.8bn earlier this year.
News of the cyber-attack was reported on by FileHippo back in August when a hacker by the name of ‘Peace’ listed the alleged account details for 200 million Yahoo users for sale on the Dark Web for the bargain price of 3 bitcoins, an amount equivalent to just under US$2000.
The same hacker had previously been linked to the sale of huge tranches of user details from other sites such as Myspace and LinkedIn. ‘Peace’ stated that the data for sale was most likely to have come from 2012.
The data was uploaded to The Real Deal site and included details such as usernames, dates of birth and, in some instances, backup email addresses and, for US users, their zip codes.
Yahoo has recommended that all users should change their passwords if they have not done so since 2014, and even if they no longer use a Yahoo email account.
“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected,” Yahoo said on their website… “Yahoo encourages users to review their online accounts for suspicious activity and to change their password and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account.”