You are using an older browser version. Please use a supported version for the best MSN experience.

Yahoo confirms over 500 million users affected in 2014 breach

Engadget logo Engadget 22/09/2016 Daniel Cooper
© Provided by Engadget

Yahoo has confirmed reports that it was the victim of a major hack in late 2014, which has led to some 500 million user accounts being compromised. The story first broke way back in August when a hacker known as Peace was promising to sell 200 million usernames, passwords, birthdates and email addresses for less than $2,000. At the time, Yahoo had refused to confirm or deny if the attack was legitimate to users, a delay which has given nefarious types almost two months head start on their prey.

In a statement posted to its investor relations site, Yahoo claims the massive hack was the act of a "state-sponsored" hacker and elaborates on the kind of data that party might have had access to.

"The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers," the statement reads. "The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected."

The news originally broke over at Re/code, whose sources said that the hack was so large that it was likely to prompt a government investigation. Given that the company is currently selling itself to (Engadget's parent company's parent company) Verizon, any negative consequences could harm the deal.

This is a developing story.

Yahoo Investor Relations

More from Engadget

image beaconimage beaconimage beacon