On Thursday, Yahoo Inc said that information of at least 500 million user accounts was stolen from its network in 2014. Yahoo said that data stolen may have included email addresses, telephone numbers, dates of birth, encrypted passwords, and names but that unprotected passwords, bank account information and payment card data did not appear to have been compromised.
Well-known Cryptologist – Bruce Scheier said that this is the biggest data breach ever.
Bruce said that it was too early to say that what impact the breach might have on Yahoo and its users because many questions remain, including the identity of the hackers behind it.
Three US intelligence officials declined to be identified by name and said that they believed the attack was state-sponsored because of its resemblance to previous hacks traced to Russian intelligence agencies or hackers acting at their direction.
Yahoo Inc said that it was working with law enforcement on the matter. The Federal Bureau of Investigation(FBI) said that it was aware of the matter and the U.S. Secret Service was not available for comment.
Yahoo said that the investigation has found no evidence that the state-sponsored actor is currently in the network of Yahoo.
After the news of data breach, the shares of Yahoo stock were barely changed for the day, while shares of Verizon Communications, which has agreed to buy the Internet business of Yahoo company, were up about 1%.
It was not clear how this disclosure might affect the deal of Yahoo with Verizon Communications.
Verizon announced an agreement in the month of July to buy the core internet properties of Yahoo Inc for $4.83 billion. In a statement, Verizon said that it was made aware of the breach within the last two days and had limited information about the matter.
The company said that we will evaluate as the investigation continues through the lens of overall Verizon interests, including shareholders, customers, consumers, and related communities.
Technology website – Recode first reported on Tuesday that Yahoo Inc planned to disclose the details about a data breach affecting hundreds of millions of users.
On 1st August, technology news site – Motherboard said that a cyber criminal known as Peace was selling the data of about 200 million users of Yahoo but did not confirm its authenticity. Peace has claimed responsibility.
Earlier, Peace also attempted to sell on a hacker forum information purportedly belonging to hundreds of millions of accounts at LinkedIn and MySpace, including email addresses, passwords and names.