Posted by Robert Vamosi on September 22, 2016
Yahoo says a “a state-sponsored actor” is responsible for a 2014 data breach, although it declined to say more.
Previously Yahoo had said it was investigating with law enforcement a breach of 200 million user accounts. Apparently the investigation has found a deeper intrusion into its network.
“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said in a statement released on Thursday. The company said the breach “did not include unprotected passwords, payment card data, or bank account information.”
Verizon said recently it would like to acquire Yahoo, but according to Recode that sale may now be complicated by today’s news.
Get the latest Software Integrity news, thought leadership, and more.