Yahoo officially confirmed on Thursday that the data of at least 500 million user accounts were stolen, confirming one of the biggest security threats ever after years of speculation through a statement on its website.
Yahoo confirmed that the user information was stolen from the company’s network “at the end of 2014, the fact that it considered a state-sponsored actor.” The company suggests the stolen information may include personal accounts such names, email addresses, phone numbers, dates of birth, hashed passwords (most with Bcrypt) and even security questions and answers.
Ongoing research also revealed that unprotected passwords, payment card and bank account information were not included in the stolen information, as this information is not stored on an affected system. Yahoo said the company is working with law enforcement agencies for further investigation of the case and found no evidence that state-sponsored actor is currently in its network.
The Verizon, company that acquired the core business of Yahoo’s at $4.83 billion in July, made a statement that it learned only a breach “in the last two days,” according to USA Today.
“We understand that Yahoo is actively investigating this issue, but we are otherwise limited information and understanding of the impact”, the Verizon said.