So…uh, this is not good. Very not good.
Hackers strongly believed to be state-sponsored swiped account records for 500 million Yahoo! webmail users. And who knew there were that many people using its email?
The troubled online giant said on Thursday that the break-in occurred in late 2014, and that names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers, were lifted.
This comes after a miscreant calling themselves Peace was touting copies of the Yahoo! account database on the dark web. At the time, in early August, Yahoo! said it was aware of claims that sensitive information was being sold online – and then today, nearly two months later, it alerted the world to the embarrassing security breach.
“We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” said Yahoo!’s chief information security officer Bob Lord on Tumblr today.
“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.
“Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.”
Yahoo! says that it will email anyone they believe may be affected, so hopefully they get around to you before you get locked out of your account.
Even if you don’t have a Yahoo! account directly, you may still have something to worry about. I don’t know about other service providers, but here in Canada, Rogers uses Yahoo! to help run its email service and possibly still other features, so you might wanna change that password juuuuust in case.