Yahoo user accounts have been compromised

    Yahoo announced in a blog post about the massive compromise of the credentials of users of its services. The results of the incident investigation showed that the compromise took place at the end of 2014 and resulted in the leakage of 500 million accounts. The peculiarity of this situation is that Yahoo assures that state-sponsored cyber groups are compromising their services.


    We have confirmed that a copy of certain user account information was stolen from the company network in late 2014 by what we believe is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

    Yahoo began the process of notifying users of compromised accounts with a special message. Also, to all users of services who have not changed their passwords since 2014, do this as soon as possible. The company assures that at the moment the attackers no longer have access to their services, however, how much time they could do this is not specified, therefore we recommend that all users of the service change their passwords.

    Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network. Yahoo is working closely with law enforcement on this matter.

    The answers to secret questions that should be changed have also been compromised.

    Also popular now: