Yahoo lost information on 500 million user accounts to a hacker who stole the data in 2014, the company reported on Thursday.
That information includes names, email addresses, telephone numbers, dates of birth, and security questions and answers, and includes both encrypted and unencrypted data.
Claims about the hack began circulating in August after a hacker named “Peace” was found trying to sell information on millions of accounts over the “dark web” for about $1,800.
In a press release, the company blamed a foreign government. “A recent investigation by Yahoo! has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” the release said.
Related Story: http://www.washingtonexaminer.com/article/2579031
“The investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network,” the company said, without describing what would have caused the hacker to vanish, or why a foreign government would have been trying to sell the information on the Web.
“Yahoo is notifying potentially affected users and has taken steps to secure their accounts,” the company added. “These steps include invalidating unencrypted security questions and answers so that they cannot be used to access an account and asking potentially affected users to change their passwords. Yahoo is also recommending that users who haven’t changed their passwords since 2014 do so.”
The company said it is “working closely with law enforcement” to find more answers.
