Yahoo has recently confirmed that it had been subject of a massive hacking attack that exposed the data of over 500 million users. The company noted that this does not involve credit card information.
According to previous reports, a hacker may have stolen as many as 200 million user accounts, possibly many more, and is selling them online with passwords and date of birth.
In early August, Yahoo launched an investigation into the breach after someone offered to sell a data dump of over 200 million Yahoo accounts on an underground market, including usernames, easy-to-crack password hashes, dates of birth and backup email addresses.
The company has since determined that the breach is real and that it’s even worse than initially believed, news website Recode reported recently, citing unnamed sources familiar with the investigation.
Yahoo is blaming the breach on an unnamed “state-sponsored actor.” Although it’s still unclear how the hack was pulled off, the stolen data includes names, email addresses, telephone numbers and hashed passwords.
The confirmation came at a critical time for the Internet company especially with the on-going $4.8 billion sale of its core internet operations to Verizon; the deal has yet to be approved by regulators. The announcement has huge implications on Yahoo’s pending deal as sources at Verizon said they were unaware of the severity of the attack until recently and that CEO Marissa Mayer and others did not flag them as to the extent of the issue in the bidding process.