Yahoo!
Yahoo! Chief executive Marissa Mayer. Steve Jennings/Getty Images

(Diya TV) – Yahoo confirmed Thursday that it had been subject of a massive hacking attack that exposed the data of at least 500 million users.

Earlier this summer, Yahoo said it was investigating a data breach in which hackers claimed to have access to 200 million user accounts and one was selling them online. “It’s as bad as that,” said one source. “Worse, really.”

Here’s Yahoo’s full statement, in which they blame an unspecified state-sponsored actor:

“We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor.” The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information as these are not stored in the affected system. This news should come as a relief to those with online business banking accounts, though it stands as a reminder for users to use secure methods to protect their accounts when doing their internet banking.
“Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.”

The announcement very likely carries huge implications on Yahoo’s pending sale to Verizon for $4.8 billion. According to multiple reports, sources at Verizon said they were largely unaware of the severity of the attack until recently and that CEO Marissa Mayer and others did not flag them as to the extent of the issue in the bidding process.

You can read that ire clearly between the lines in a statement from Verizon-owned AOL, which is expected to be integrated with Yahoo when the deal is complete.

“Within the last two days, we were notified of Yahoo’s security incident. We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact. We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities. Until then, we are not in position to further comment.”

Additionally, sources at Yahoo have revealed that the company subjected to a number of previous incidents that were not managed swiftly by CEO Marissa Mayer. One senior executive with working knowledge of the situation said that former Yahoo information security head Alex Stamos had tried aggressively to get management to act more strongly at the time, but he had not been successful. The highly touted techie left Yahoo in mid-2015 for a job as chief security officer at Facebook.

The incident first came to light in August after “Peace,” an infamous cybercriminal, advertised the sale of user credentials for some 200 million Yahoo users on the “dark web.” The data included user names, some passwords and personal information like birth dates and other email addresses. For those wanting to increase their security across digital platforms, websites like websafetyadvice.com can be very beneficial providing many tips and tricks to help ensure your personal information won’t end up for sale online.

At the time, Yahoo said it was “aware of the claim,” but declined to say if it was legitimate. Instead, it opened an investigation, but did not issue a call for a password reset to users.