Yahoo reported on Thursday that at least 500 million user account credentials were stolen sometime in 2014.
Biggest of all time
A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company's network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. — Yahoo
The hacking of 500 million accounts would be biggest of all time. Yahoo is in the process of notifying potentially affected users and said it has taken steps to secure their accounts. Yahoo is urging users to change their passwords and security questions.
Rumors surfaced during the summer of breach
Rumors surfaced this summer that a hacker who goes by the name “Peace” was trying to sell data from some 200 million Yahoo users. At the time, Yahoo said it was aware of the rumors and was investigating the situation. Yahoo made reference to a “state-sponsored actor” in its statement, but provided no additional details as to who that might be.
Sale to Verizon pending
The news of the massive hack comes at an inopportune time for Yahoo. Last July, Verizon agreed to buy Yahoo’s core assets for about $5 billion with the deal set to close in early 2017. Verizon said that it had only been notified of the “incident” within the past two days. It is unclear how this might affect the sale to Verizon, but it’s possible that Verizon might feel that Yahoo has been significantly damaged by the incident and seek to renegotiate or cancel the terms of the sale.