Yahoo Confirms Massive Data Breach Of At Least 500 Million User Accounts, Suspects 'State Actor'

Yahoo confirmed Thursday in a press release that user account data was breached in 2014, and it believes that a "state actor" is responsible for the hack.

According to the California-based company's own investigation, "The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers."

Users should monitor their accounts for suspicious activity and update their passwords and security questions, including in any accounts in which they used information similar to their Yahoo accounts, the company said.

"Unprotected passwords," payment account information, and bank account information are unlikely to have been leaked in the breach. However, the company advises that any users who haven't changed their password since 2014 should do so now. It will also notify particular users it believes to be at risk.

"Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry," the statement reads. "Yahoo and other companies have launched programs to detect and notify users when a company strongly suspects that a state-sponsored actor has targeted an account."

As the Wall Street Journal reported, the hack could be the biggest of all time. If the 500 million accounts claim is accurate, it would easily surpass the previous record-holder from a hack of the social network Myspace, which once had a 427 million user account breach, according to Business Insider.

The company reports that it is working with the government on this matter. No particular country has been singled out as responsible for the breach.

According to USA Today, a hacker named Peace was reported to be selling usernames, passwords and dates of birth from Yahoo accounts back in August.

Verizon, which recently agreed to buy Yahoo for $4.8 billion, said in a statement that it had "limited information and understanding of the impact" of the breach. The deal is set to be closed by the end of the year.

"We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities," it said.

Verizon has also agreed to purchase AOL, which has an ownership stake in Patch.

Yahoo's business has struggled in recent years. An early giant during the dot-com boom, it was long since surpassed in prominence by Google, Amazon, Facebook and others. While still a valuable company, today's announcement, though anticipated, is hardly an encouraging sign for its future prospects.

In addition to Myspace, LinkedIn and Dropbox also announced that they had been hit by large-scale data breaches this year.

The Democratic National Committee was also hacked this year, resulting in some compromising public leaks of unseemly emails. Investigators of that leak believed the Russian government was responsible for the attack, but the Kremlin has denied any connection. Recent reports suggested that the Republican Party's data may also have been hacked.

Photo credit: Christian Barmala via Flickr