- These cat purses have everything you need (including balls) 2 Years Ago
- Smooth dude gets girl’s number with a ‘choose your own adventure’ RPG on Tinder 2 Years Ago
- Beto O’Rourke reportedly pranked his wife with a ‘verdant turd’ 2 Years Ago
- The Disney-Fox deal is finalized 2 Years Ago
- Beto likes to stand on counters—and there are memes to prove it Today 10:47 AM
- House promises April vote on bill to restore net neutrality rules Today 9:58 AM
- Here’s how many YouTube subscribers Shane Dawson lost for his old bestiality joke Today 9:26 AM
- Drag queen spreads joy to toddler, world with ‘Baby Shark’ performance Today 9:21 AM
- How many ‘chuggas’ should come before choo choo? Today 9:10 AM
- Cory Booker’s weirdly sensual relationship with coffee resurfaces Today 8:31 AM
- Everything you need to know about gaming chat client Discord Today 8:00 AM
- Report: Your Facebook feed is still ripe with fake news Today 7:42 AM
- The 10 best movies based on true stories on Hulu Today 7:00 AM
- Prager University is fighting ‘leftist indoctrination’ on college campuses Today 7:00 AM
- Can ‘Guardians of the Galaxy Vol. 3’ recover from its disastrous drama? Today 6:00 AM
News of the breach first surfaced in early August.
If for some unholy reason you haven’t changed your Yahoo password since 2012, we have some bad news: You’ve probably been hacked.
Yahoo’s statement reads:
A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.
Yahoo’s admission was first reported by Recode’s Kara Swisher, a longtime tech reporter with deep ties in the industry.
The admission of a major breach would come at an inopportune time for Yahoo, which is in the midst of selling its core business to Verizon for $4.8 billion.
The hack itself is not exactly news. On Aug. 1, Motherboard’s Joseph Cox reported that someone—a cybercriminal known as “Peace” or “Peace of Mind”—was claiming to be selling hundreds of millions of Yahoo passwords on the dark net. Cox obtained a small portion of the data—around 5,000 logins—and many of the accounts he tested matched real Yahoo accounts, although some had been shut down.
At this point, users should assume that the breach is legitimate, simply for their own digital safety. You can also type in your email address in the Leaked Source search tool to see if your Yahoo account (or any account linked to your address) has been compromised.
And seriously, if you are still using any passwords from 2012, do yourself a favor and go update those now.
Update 1:40pm CT, Sept. 22: Yahoo has now confirmed the breach.
Andrew Couts is the former editor of Layer 8, a section dedicated to the intersection of the Internet and the state—and the gaps in between. Prior to the Daily Dot, Couts served as features editor and features writer for Digital Trends, associate editor of TheWeek.com, and associate editor at Maxim magazine. When he’s not working, Couts can be found hiking with his German shepherds or blasting around on motorcycles.