Yahoo may have been the victim of one of the largest cybersecurity breaches ever, the company announced.
The company confirmed Thursday that information related to at least 500 million user accounts was stolen in 2014, in what the company believes could have been a “state-sponsored attack,” meaning that someone associated with a government could have been behind the breach, according to the Associated Press.
“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo wrote in a statement Thursday.
Yahoo urged users to change their password and security questions, and to look over their account for any signs of suspicious or unusual activity. The good news, however, is that the company doesn’t believe that sensitive financial information — such as bank account info or credit card numbers — were included in the stolen information, CNN reported.
Even if users don’t believe their email accounts contain sensitive information, cybersecurity experts disagree. Even with just a username and password, hackers could wreak havoc. According to a Gartner study, over 50 percent of users have the same password for multiple platforms — so, hackers with access to both an email address and a password could potentially break into more than just your Yahoo account, USA Today reported.
Yahoo said it was working with law enforcement officials on the breach. The first rumors that such an attack occurred surfaced back in August, when a hacker dubbed “Peace” claimed that they were selling data from Yahoo accounts on the dark web. Although Yahoo announced that he was aware of the incident, this announcement confirms that the actual situation is much worse than originally expected, according to CNN.
This announcement comes at a critical time for Yahoo, who is currently in the middle of completing a $4.8 billion sale of much of its internet business to Verizon, according to USA Today. The breach could create damaging media coverage and increased scrutiny for both Yahoo and Verizon. The latter company announced that they are aware of Yahoo’s breach, but have limited information about the scope and impact.