This story now
IN Science & Technology ON
Yahoo confirmed the biggest cyber breaching recently. The Internet giant said that it was the largest data breach in history. The hack took place in 2014; hackers exposed the most secret passcodes also with the data.
Read the ownership: Verizon Acquires Yahoo, $4.8 Billion Deal
The breach has exposed approx 500 million accounts' including names, email addresses, phone numbers & dates of birth. Even they revealed the security questions and answers of some accounts.
Yahoo urged their users to change the passwords asap. They have more than 1 billion monthly active users and Yahoo alone has near 225 million monthly active users. CNET updated.
"Cybercriminals know that consumers use the same passwords across websites and applications, which is why these millions of leaked password credentials are so useful for perpetuating fraud." said Brett McDowell.
The hack itself is not an exactly news. On August 1, Motherboard's Joseph Cox reported that someone a cybercriminal known as "Peace" or "Peace of Mind" was claiming to be selling hundreds of millions of Yahoo passwords on the dark net. Cox obtained a small portion of the data around 5,000 logins. After the tests, he found that they were real accounts.
"We will evaluate, as the investigation continues, through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities," Verizon said.
"A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company's network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network. Yahoo is working closely with law enforcement on this matter." -An official statement by Yahoo.
Why Yahoo confirmed this after this much period? Why didn't they tell this earlier?