Yahoo Says Information on at Least 500 Million User Accounts Is Stolen
September 22 2016 - 3:10PM
Dow Jones News
By Anne Steele and Robert McMillan
Yahoo Inc. on Thursday disclosed a massive security breach
affecting at least 500 million users as the beaten-down internet
company works through the sale of its core business.
Yahoo said a copy of certain user account information --
including names, email addresses, telephone numbers, dates of
birth, hashed passwords and, in some cases, encrypted or
unencrypted security questions and answers -- was stolen from the
company's network in late 2014 by what it believes is a
state-sponsored actor.
Yahoo said it is notifying potentially affected users and has
taken steps to secure their accounts. The company, which is working
with law enforcement, said the ongoing investigation indicates that
stolen information didn't include unprotected passwords, payment
card data, or bank account information.
No evidence has been found to suggest the state-sponsored actor
is currently in Yahoo's network.
In August, a hacker named "Peace" appeared in online forums,
offering to sell 200 million of the company's usernames and
passwords for about $1,900 in total. Peace had previously sold data
taken from breaches at Myspace and LinkedIn Corp. A Yahoo spokesman
said at the time that the company was aware of the claim and was
"working to determine the facts."
In 2012, Yahoo had more than 1 billion user accounts in its
databases. User passwords were protected via a cryptographic
algorithm called MD5 which can be cracked using the latest
password-breaking techniques, said a source familiar with the
situation. The company in 2012 dealt with a data breach that
allowed a hacker group to download 453,000 unencrypted usernames
and passwords.
Verizon Communications Inc. in July agreed to buy Yahoo's Web
assets for $4.83 billion in cash, ending a drawn-out process for
the beleaguered internet company. The price, which includes Yahoo's
core internet business and some real estate, capped a remarkable
fall for the Silicon Valley web pioneer that had a market
capitalization of more than $125 billion at the height of the
dot-com boom in early 2000.
B. Riley & Co. analyst Sameet Sinha said the breach is
unlikely to affect terms of the Verizon deal.
"Data breaches have become part of doing business now," he said,
adding that LinkedIn still fetched a "nice" premium in June,
getting a $26.2 billion buyout deal from Microsoft Corp., following
the May disclosure that it had underestimated the broad impact of
its 2012 data breach.
Yahoo and Verizon will need to "provide extensive communications
and help to consumers to make sure passwords are changed quickly
and of course bolster their security," said Mr. Sinha.
Data breaches are on the rise in the U.S., affecting companies
from Target Corp. to Verizon Enterprise Solutions and putting
millions of users' information at risk. National nonprofit Identity
Theft Resource Center reported 687 breaches exposing about 28.8
million records through Sep. 20 this year. The Federal Bureau of
Investigation and cybersecurity experts say they're seeing a
notable increase in ransomware, but there appears to be no single
cause for the increase.
Write to Anne Steele at Anne.Steele@wsj.com and Robert McMillan
at Robert.Mcmillan@wsj.com
(END) Dow Jones Newswires
September 22, 2016 14:55 ET (18:55 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.
Altaba (NASDAQ:AABA)
Historical Stock Chart
From Apr 2024 to May 2024
Altaba (NASDAQ:AABA)
Historical Stock Chart
From May 2023 to May 2024