Yahoo! Inc. (NASDAQ:YHOO) has has confirmed a Yahoo data breach that resulted in user information being stolen.
The company claims that the Yahoo data breach was conducted by a state-sponsored actor and that information from at least 500 million of its users’ accounts was stolen in late 2014. It doesn’t believe that the hacker is still in its system.
The possibly stolen information in the Yahoo data breach includes the following:
- Names
- Email Addresses
- Telephone Numbers
- Dates of Birth
- Hashed Passwords
- Encrypted Security Questions
- Unencrypted Security Questions
- Encrypted Security Question Answers
- Unencrypted Security Question Answers
What wasn’t stolen in the Yahoo data breach was “unprotected passwords, payment card data, or bank account information.” The company said that payment card data and bank account information aren’t stored on the system that was hit by the hacker.
Yahoo is working with authorities to get to the bottom of the data breach. It has also started letting affected users know about the hack. The company is also invalidating unencrypted security questions and answers so that they can’t be used.
Yahoo is recommending that any of its users that haven’t changed passwords since 2014 to change them. It is also suggesting that users reset their security questions and answers, as well as keep an eye out for suspicious activity.
News that a Yahoo data breach announcement was coming started on Thursday. Insider sources claimed that the company would make the announcement this week. At the time, it was thought that the data breach was connected to a hacker named “Peace” that was selling information for 200 million accounts in August.
YHOO stock was down 1% as of Firday morning.
