Confirmed: A hacker accessed records of more than 500 million Yahoo accounts

yahoo 500 million accounts hacked on tablet
Following reports Thursday morning of a massive Yahoo security breach, the embattled internet giant confirmed the worst this afternoon: personal records associated with hundreds of millions of accounts had been compromised in one of the worst cybersecurity breaches this year. According to a statement on a Yahoo FAQ webpage, a “state-sponsored actor” scraped the names, email addresses, telephone numbers, dates of birth, and passwords associated with more than 500 million Yahoo accounts as recently as 2014.

Yahoo said there is no evidence the responsible party still had access to its network or internal services. Furthermore, it said not all accounts were compromised, and that some details, such as bank account numbers and credit card data, do not appear to have been targeted. But the company said that out of an abundance of caution, it had taken steps to inform affected users of the breach and invalidated unencrypted passwords and security questions. It also urged account holders who had not changed their passwords since 2014 to do so, and encouraged all Yahoo users to change their security questions and answers and review their accounts for “suspicious activity.”

Yahoo said that it was working with law enforcement and that an investigation of the breach was ongoing.

The Wall Street Journal, citing an unnamed source within the company, reported that Yahoo’s databases contained well north of one billion user accounts, and that passwords were protected with an encryption scheme — MD5 — that would have required the latest password-breaking techniques to compromise. In an FAQ published Thursday afternoon, Yahoo said that its hashing method, or one-way mathematical function responsible for obfuscating data, was chosen for its proven robustness against “password cracking” and reliability. “[It’s] a … mechanism that incorporates security features … including … multiple rounds of computation,” Yahoo said.

Rumors of massive security breach emerged as early as August when a hacker, identified by the username Peace, offered to sell 200 million Yahoo usernames and passwords for $1,900 in online forums. The suspected cybercriminal is widely believed to have engineered the sale of stolen data from high-profile networks like LinkedIn and Myspace — reportedly to the collective tune of between $50,000 and $60,000 — and has been implicated in hacks of European social networking site VK, Fling, Dropbox, Tumblr, OK.ru, Twitter, and Facebook.

At the time, a Yahoo representative said the company was aware of the incident and was “working to determine the facts.”

It is not the first time Yahoo suffered a large-scale security breach. In 2012, a group of unscrupulous programmers known as D33D Company managed to download 453,000 unencrypted usernames and passwords belonging to Yahoo Voices, a self-publishing service. Following the infiltration, Yahoo fixed the vulnerability that led to the breach, changed affected users’ passwords and dispatched notifications to companies with accounts that might have been compromised.

As of late, Yahoo has made strides in the area of security. Last year, as part of a separate effort to beef up the network’s broader security, the company deployed a service that automatically detects and notifies users when it suspects their account may have been targeted by a state-sponsored actor. It encouraged affected users to turn on Account Key, Yahoo’s passcode-free login service, activate two-step verification, to choose a strong, unique password. and to review recent activity in account settings.

Yahoo said that before Thursday’s breach, roughly 10,000 users had received an alert via the service.

It is unclear how Thursday’s disclosure will affect the $4.83-billion sale of Yahoo’s core assets to internet service provider and budding content mogul Verizon. “We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities,” a Verizon spokesperson said on Thursday.

As of publication, shares of Yahoo had fallen 0.3 percent to $44.02, while shares of Verizon had climbed one percent to $52.39.

The breach is yet another blemish on Yahoo President and CEO Marissa Mayer, who has struggled to turn the beleaguered Silicon Valley company around since its height in early 2000. Yahoo’s web properties, despite attracting more than 200 million U.S. monthly visitors in the past year, reported an 11 percent year-over-year decline in revenue during the company’s most recent earnings call. And Yahoo laid off 1,000 employees, or about 10 percent of its workforce, in the first quarter of 2016.

Analysts blame a failure to capitalize on mobile — and ballooning investments. In the first quarter of 2016, Yahoo made $250 million in revenue from smartphone and tablet users; Facebook, in contrast, made $4.5 billion in the fourth quarter of 2015.  The company’s capital expenditures, driven by substantial investments such as streaming licenses for National Football League broadcasts and the purchase of shopping site Polyvore, climbed an average of 21 percent in 2015.

But Yahoo’s advertising business remains one of the web’s largest. This year, the company is expected to generate $2.83 billion in profit on a 1.5 percent share of the online market. Yahoo Japan, an Asian culture web portal that is the product of a joint venture between Yahoo and Japanese internet company SoftBank Group, has been appraised at nearly $9 billion. Yahoo’s other ventures, which include online publications like Yahoo Tech and Yahoo Finance, are worth an estimated $5 billion to $8 billion.


Latest Facebook bug exposed up to 6.8 million users’ private photos

An API bug recently left an impact on Facebook users. Though the issue has since been fixed, some of the apps on the platform had a wrongful access to consumers photos for 12 days between September 13 and September 25. 

These are the worst passwords of 2018. Is yours on this list?

Do you use a bad password that makes your online accounts easy to break into? SplashData has compiled a list of the top 100 worst passwords for 2018 and there are quite a few listings that were carryovers from prior lists.

Apple's iOS 12.1.1 makes it easier to switch cameras in FaceTime

After months of betas, the final version of iOS 12 is here to download. The latest OS comes along with tons of new capabilities, from grouped notifications to Siri Shortcuts. Here are all the features you'll find in iOS 12.

Google+ continues to sink with a second massive data breach. Abandon ship now

Google+ was scheduled to shut its doors in August 2019, but the second security breach in only a few months has caused the company to move its plan forward a few months. It might be a good idea to delete your account sooner than later.

From beautiful to downright weird, check out these great dual monitor wallpapers

Multitasking with two monitors doesn't necessarily mean you need to split your screens with two separate wallpapers. From beautiful to downright weird, here are our top sites for finding the best dual monitor wallpapers for you.

Google Translate updated to reduce gender bias in its translations

Google is changing how Google Translate offers translations. Previously when you entered a word like doctor, Translate would offer a masculine interpretation of the word. Now, Translate will offer both masculine and feminine versions.

Encryption-busting law passed in Australia may have global privacy implications

Controversial laws have been passed in Australia which oblige tech companies to allow the police to access encrypted messages, undermining the privacy of encryption with potentially global effects.

Can Microsoft’s Airband Initiative close broadband gap for 25M Americans?

A new report from the Federal Communications Commission (FCC) says that 25 million Americans do not have access to broadband internet. Of these, more than 19 million are living in rural communities. Can Microsoft help out?

Microsoft’s Chromium Edge browser may be adding your Chrome extensions

Fans sticking to Google Chrome because due to its vast extension library might be able to switch over to Microsoft's latest iteration of Edge, as a project manager confirms that the company has its eyes on Chrome extensions.

If you've lost a software key, these handy tools can find it for you

Missing product keys getting you down? We've chosen some of the best software license and product key finders in existence, so you can locate and document your precious keys on your Windows or MacOS machine.
Social Media

‘YouTube Rewind 2018’ is about to become its most disliked video ever

YouTube is about to achieve a record it really doesn't want — that of "most-disliked video." Yes, its annual recap of featuring popular YouTubers has gone down really badly this year.

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.

5G: Why everything is about to change

Curious about the many ways 5G will change and enrich your life? Here’s our guide to all things 5G.

Firefox 64 helps keep your numerous tabs under control

Mozilla officially launched Firefox 64 by placing new features into the laps of its users including new tab management abilities, intelligent suggestions, and a task manager for keeping Firefox's power consumption under control.