On Thursday afternoon, Yahoo Inc. revealed disturbing results of a recent internal investigation.
The company confirmed via press release that “certain user account information”, including names, e-mail addresses, telephone numbers, dates of birth, and passwords, were stolen from its network in late 2014. The source, Yahoo believes, is a “state-sponsored actor.”
Although more specific details on the source of the breach have yet to be released, the magnitude of the hack lies in the sheer number of users affected. With an estimated 500 million Yahoo users affected, this data breach would rank as one of the biggest in history, topping the MySpace hack of 427 million member accounts uncovered earlier this year.
The breach was first identified in August after a hacker nicknamed “Peace” claimed to be selling Yahoo account credentials on the dark web. At the time, company officials estimated the hack’s impact to be around 200 million users, but as Recode notes, still did not call for users to reset their passwords.
“Well f**k them they don’t want to confirm well better for me they don’t do password reset,” Peace told Motherboard in August, referring to Yahoo’s original hesitancy to confirm the breach and its failure to issue password reset notices.
Yahoo’s hack comes at a pivotal point for the company, which recently sold its core internet operations and landholdings to Verizon Communications for $4.8 billion in July. While the deal is currently moving towards completion, some shareholders may be worried about increased liabilities in the transaction, and prices could adjust accordingly. Yahoo shareholders and a number of regulatory agencies must still approve the two companies’ integration before the deal is complete, and a breach of this size could disrupt the once well-laid plans.
Verizon has released a statement regarding the hack, claiming it has “limited information and understanding of the impact.”
— Bob Varettoni (@bvar) September 22, 2016
For the time being, Yahoo has encouraged users to change their passwords and update their security account settings. Yahoo will be notifying users who were potentially affected by the hack and will provide updates on the situation through their Account Security FAQ page.