- Jason Momoa stands by his Khaleesi after the ‘Game of Thrones’ finale Today 4:05 PM
- Airbnb, 23andMe partner for creepy heritage travel recommendations Today 3:26 PM
- Rep. Katie Porter goes viral again for trouncing Ben Carson (updated) Today 3:26 PM
- This deepfake takes Bill Hader’s Schwarzenegger impression to the next level Today 2:58 PM
- Wanda Sykes rails against Trump and offers much-needed perspective in ‘Not Normal’ Today 2:41 PM
- Man arrested after allegedly threatening to shoot YouTube employees Today 2:13 PM
- Some House Dems are backing away from the Save the Internet Act Today 1:40 PM
- Thousands sign petition calling for Danny DeVito to play Wolverine Today 1:02 PM
- Jason Mitchell fired from ‘Desperados’ and ‘The Chi’ after misconduct allegations Today 12:36 PM
- Police raid Black woman’s house after white neighbor complains about loud Malcolm X speeches Today 12:20 PM
- ‘Transfixed’ says it’s a ‘breakthrough’ series, but it still fetishizes trans bodies Today 11:04 AM
- Senator proposes Do Not Track bill to allow consumers to opt out of data gathering Today 10:54 AM
- The Queen of the North likes to Juul Today 10:36 AM
- Nearly half of Juul’s Twitter followers can’t legally buy the product, study says Today 10:26 AM
- New Facebook Messenger scam tricks people into thinking they donated to ISIS Today 10:26 AM
News of the breach first surfaced in early August.
If for some unholy reason you haven’t changed your Yahoo password since 2012, we have some bad news: You’ve probably been hacked.
Yahoo’s statement reads:
A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.
Yahoo’s admission was first reported by Recode’s Kara Swisher, a longtime tech reporter with deep ties in the industry.
The admission of a major breach would come at an inopportune time for Yahoo, which is in the midst of selling its core business to Verizon for $4.8 billion.
The hack itself is not exactly news. On Aug. 1, Motherboard’s Joseph Cox reported that someone—a cybercriminal known as “Peace” or “Peace of Mind”—was claiming to be selling hundreds of millions of Yahoo passwords on the dark net. Cox obtained a small portion of the data—around 5,000 logins—and many of the accounts he tested matched real Yahoo accounts, although some had been shut down.
At this point, users should assume that the breach is legitimate, simply for their own digital safety. You can also type in your email address in the Leaked Source search tool to see if your Yahoo account (or any account linked to your address) has been compromised.
And seriously, if you are still using any passwords from 2012, do yourself a favor and go update those now.
Update 1:40pm CT, Sept. 22: Yahoo has now confirmed the breach.
Andrew Couts is the former editor of Layer 8, a section dedicated to the intersection of the Internet and the state—and the gaps in between. Prior to the Daily Dot, Couts served as features editor and features writer for Digital Trends, associate editor of TheWeek.com, and associate editor at Maxim magazine. When he’s not working, Couts can be found hiking with his German shepherds or blasting around on motorcycles.