The hits keep coming for beleaguered search engine icon Yahoo Inc. – and not the good kind.
On Thursday, the company revealed that what it called a “state-sponsored actor” stole personal information from at least 500 million user accounts in late 2014.
“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” the company wrote in a Sept. 22 statement.
However, it’s unlikely the stolen information included payment card data or bank account information, as neither was stored on the affected system, the company said.
In addition to notifying potentially affected users and recommending that those who haven’t changed their passwords since 2014 do so, Yahoo said that it’s taking steps to secure accounts, such as invalidating unencrypted security questions and answers. The company is also working with U.S. authorities to investigate the breach further.
The leaks revealed yesterday are only the latest in a string of recent high-profile data breaches, with Yahoo joining a red-faced class of 2016 that so far includes LinkedIn and Dropbox.
They also represent the latest setback in the company’s ongoing attempts to rehabilitate its floundering image, and could even affect its recent acquisition by U.S. telecommunications giant Verizon Communications Inc. for $4.8 billion USD – an amount that some analysts speculate was fuelled more by Yahoo’s value as a content creator than as a search engine.
“The dark cloud this casts will be very long and will likely impact the merger agreement,” Jeff Kagan, a Georgia-based telecommunications industry analyst, told the Washington Post in an email. “We’ll just have to wait and see what happens next.”
Verizon only learned of the security breach this week, according to a Sept. 22 statement from the company, and Yahoo declined to say whether it learned of the breach before or after the deal was announced when asked by the Post.
“We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact,” Verizon said in its statement. “We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities. Until then, we are not in position to further comment.”