Yahoo Confirms 2014 Data Breach & 500M Users Affected


Recently, it came to light that a data breach that Yahoo suffered a few years back may have affected a very large number of users. The number had been speculated to be in the hundreds of millions of Yahoo users. Naturally, it was assumed that Yahoo would be making a statement of some sort in the near future to acknowledge the breach's scale and give some additional details. In a statement issued today, Yahoo came forward to not only acknowledge that a 2014 breach may have affected up to 500 million users, but to say that they believe that a "state-sponsored actor" was involved. Those terms were used very vaguely, with no specific "state" specified. This means that any number of elements could be implicated, and right now, Yahoo is "working closely with law enforcement" to figure out exactly who is responsible for the attack, the way it was perpetrated, and the reason for it.

The figure of 500 million possible affected users blows the original 200 million estimate from some sources out of the water, and given the timing, probably will not sit well with shareholders. In any case, Yahoo claims that they are being as diligent as possible in both investigating the breach and notifying affected users. According to Yahoo's statement, Yahoo has not specifically commented on the previous reports which suggested that some 200 million Yahoo accounts made their way into the hands of a dark web back market extraordinaire and were sold.

Yahoo is invalidating unencrypted security questions for users who seem to have been affected, and are asking any users who have not changed their password since 2014 to do so. Yahoo is also pushing a tool called "Yahoo Account Key", which is meant to replace the traditional password and provide a little bit of added security and reliability by having Yahoo's backend at its core, instead of relying on user memory. According to Yahoo, attacks by state-sponsored entities are on the rise in the tech industry, and a program that they launched in 2014 to seek out and notify users whose details were taken by such elements, has thus far resulted in the issuance of 10,000 individual breach notices. Yahoo is cautioning users to be extra careful with account security by keeping a sharp eye out for things like phishing attempts and unsolicited email attachments.

Share this page

Copyright ©2016 Android Headlines. All Rights Reserved.

This post may contain affiliate links. See our privacy policy for more information.
Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, Voice assistants, AI technology development news in the Android world. Contact him at [email protected]

View Comments