Yahoo! Warns 500 Million Users Of 2-Year-Old Hack

An estimated 500 million users of Yahoo's browser, email and other online services may have had their personal digital information stolen two years ago during a hack the company is just now disclosing.

A recent investigation by Yahoo! Inc. confirms that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor.

Hackers may have gained user names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers, the company said in a news release Thursday. Payment card data and bank account information do not appear to have been stolen, says the internet giant, because that information is stored in another system that was not compromised.

Yahoo! says it has taken steps to secure the affected accounts by invalidating unencrypted security questions and answers so that they cannot be used to access an account and asking potentially affected users to change their passwords. Yahoo is also recommending that users who haven’t changed their passwords since 2014 do so.

Users should review their online accounts for suspicious activity and change their password and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account. To be cautious, you might use Yahoo Account Key, an authentication tool that eliminates the need to use a password altogether.

Find more information on the Yahoo Security Issue FAQs page.

»Patch file photo