Thursday, September 22, 2016

BREAKING Yahoo Reports Hackers Have Obtained Information on 500 Million Users

This is a developing story, return to this post for updates.


Yahoo says hack may have been state-sponsored.


From The Wall Street Journal:
Yahoo Inc. on Thursday disclosed a massive security breach by a “state-sponsored actor” affecting at least 500 million users...

Yahoo said a copy of certain user account information—including names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers—was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor.

Yahoo said it is notifying potentially affected users and has taken steps to secure their accounts by invalidating unencrypted security questions and answers so that they cannot be used to access an account and asking potentially affected users to change their passwords. The company, which is working with law enforcement, said the continuing investigation indicates that stolen information didn't include unprotected passwords, payment card data, or bank account information....

In August, a hacker named “Peace” appeared in online forums, offering to sell 200 million of the company’s usernames and passwords for about $1,900 in total. Peace had previously sold data taken from breaches at Myspace and LinkedIn Corp. A Yahoo spokesman said at the time that the company was aware of the claim and was “working to determine the facts.”


  1. How quickly will the pundits implicate Russia, Syria, Vladimir Putin, and therefore Donald Trump?

  2. How does one determine state sponsorship? That looks suspicious. Very similar to the predictable "Russia did it" claims. Has anyone else noticed that for a long time it was "China did it" and then suddenly it became "Russia did it" (in regards to hacks)? I'm sure the Chinese gave up on hacking at the same time Russia took it up.