SAN FRANCISCO, CALIFORNIA - Yahoo confirmed Thursday that account information from upwards of half a billion user accounts were stolen from the company’s network in late 2014 by what the company called “a state-sponsored actor.”
According to a release from the company, the account information may have included: names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers.
Yahoo said it doesn’t believe the information included unprotected passwords, payment card data, or bank account information because that information isn’t stored in the system that the company reportedly found to be impacted by the hack.
- The company said users should do the following things:
- Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account
- Review your accounts for suspicious activity
- Be cautious of any unsolicited communications that ask for any personal information or refer you to a web page asking for personal information
- Avoid clicking on links or downloading attachments from suspicious emails
According to the company’s statement, it has invalidated unencrypted security answers and questions and that it is working with law enforcement on the matter.
Yahoo also posed a website with FAQ’s on the security breach which can be found by clicking here.