- The horror game banned for mocking China’s president probably isn’t coming back 3 Years Ago
- Cheap vibrators, condoms, and lube: The most satisfying Amazon Prime Day deals 3 Years Ago
- George R.R. Martin says fan backlash won’t affect his ‘Game of Thrones’ ending 3 Years Ago
- The very finest Area 51 memes 3 Years Ago
- Tweet map ranks states where people are boycotting Amazon Prime Day Today 1:54 PM
- Lil Nas X says he will perform at Area 51 for free Today 12:56 PM
- The best Prime Day deals for gamers Today 12:53 PM
- How Republicans are dancing around Trump’s racist tweets Today 12:42 PM
- Not even anti-immigrant groups are defending Trump’s ‘go back’ tweets Today 12:37 PM
- Netflix’s latest chase thriller ‘Point Blank’ lacks electricity Today 12:27 PM
- Jay Inslee floats Megan Rapinoe as his secretary of state pick Today 11:33 AM
- The cast list for the ‘Kingsman’ prequel movie looks totally nuts Today 11:17 AM
- The best Prime Day deals to heat up your kitchen Today 11:16 AM
- YouTuber Emily Hartridge killed in electric scooter crash Today 10:50 AM
- Is Lashana Lynch really playing 007 in the new Bond movie? Today 10:33 AM
News of the breach first surfaced in early August.
If for some unholy reason you haven’t changed your Yahoo password since 2012, we have some bad news: You’ve probably been hacked.
Yahoo’s statement reads:
A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.
Yahoo’s admission was first reported by Recode’s Kara Swisher, a longtime tech reporter with deep ties in the industry.
The admission of a major breach would come at an inopportune time for Yahoo, which is in the midst of selling its core business to Verizon for $4.8 billion.
The hack itself is not exactly news. On Aug. 1, Motherboard’s Joseph Cox reported that someone—a cybercriminal known as “Peace” or “Peace of Mind”—was claiming to be selling hundreds of millions of Yahoo passwords on the dark net. Cox obtained a small portion of the data—around 5,000 logins—and many of the accounts he tested matched real Yahoo accounts, although some had been shut down.
At this point, users should assume that the breach is legitimate, simply for their own digital safety. You can also type in your email address in the Leaked Source search tool to see if your Yahoo account (or any account linked to your address) has been compromised.
And seriously, if you are still using any passwords from 2012, do yourself a favor and go update those now.
Update 1:40pm CT, Sept. 22: Yahoo has now confirmed the breach.
Andrew Couts is the former editor of Layer 8, a section dedicated to the intersection of the Internet and the state—and the gaps in between. Prior to the Daily Dot, Couts served as features editor and features writer for Digital Trends, associate editor of TheWeek.com, and associate editor at Maxim magazine. When he’s not working, Couts can be found hiking with his German shepherds or blasting around on motorcycles.