Hackers swiped personal information associated with at least a half billion Yahoo accounts, the internet giant said Thursday, marking the biggest data breach in history.
The hack, which took place in 2014, revealed names, email addresses, phone numbers, birth dates and, in some cases, security questions and answers, Yahoo said in a press release. Encrypted passwords, which are jumbled so only a person with the right passcode can read them, were also taken.
The internet pioneer, which is in the process of selling itself to Verizon, said it’s “working closely” with law enforcement. It called the hackers a “state-sponsored actor,” though it didn’t identify a country behind the breach.
Yahoo urged users to change their passwords if they haven’t since 2014. The company has 1 billion monthly active users for all its internet services, which span finance, online shopping and fantasy football. Its mail service alone has about 225 million monthly active users, Yahoo told CNET in June.
The hack serves as a reminder of how widespread hacking is and highlights the vulnerability of passwords. Cybersecurity specialists recommend using a different password for each account you have on the internet. Other experts are working on alternatives to passwords, such as biometrics like your fingerprint or retina.
“Cyber criminals know that consumers use the same passwords across websites and applications, which is why these millions of leaked password credentials are so useful for perpetuating fraud,” said Brett McDowell, executive director of the FIDO Alliance, an organization that vets the security of password alternatives. “We need to take that ability away from criminals, and the only way to do that is to stop relying on passwords altogether.”
Verizon, which is paying $4.83 billion for Yahoo, said it was notified of the massive breach within the last two days. The telecommunications giant had “limited information and understanding of the impact,” according to a statement.
“We will evaluate, as the investigation continues, through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities,” Verizon said.
B. Riley & Co. analyst Sameet Sinha told The Wall Street Journalthe breach was unlikely to affect the sale to Verizon.
Virginia Sen. Mark Warner, a member of the newly formed Senate Cyber security Caucus, criticized Yahoo for not discovering the breach when it originally happened in 2014.