- Major protests in Lebanon triggered by plan to tax WhatsApp calls 3 Years Ago
- Frank Ocean’s $60 HIV prevention drug-themed shirts called tone-deaf Today 12:49 PM
- ‘Joker’ stairs latest Instagram spot; locals joke about potential robberies Today 10:30 AM
- PewDiePie banned in China after reacting to Winnie the Pooh memes Today 8:46 AM
- How to stream Cowboys vs. Eagles on Sunday Night Football Today 7:00 AM
- How to stream Chargers vs. Titans in Week 7 Today 6:00 AM
- 13 spooky romance games for adults Today 6:00 AM
- How to stream ‘Power’ season 6, episode 9 Today 5:00 AM
- How to stream Impact Wrestling’s Bound For Glory Today 5:00 AM
- How to stream Bills vs. Dolphins in Week 7 Today 4:30 AM
- How to stream Jaguars vs. Bengals in Week 7 Today 4:00 AM
- How to stream Texans vs. Colts in Week 7 Today 3:00 AM
- How to stream Manchester United vs. Liverpool Saturday 10:00 PM
- Man dragged for recording, posting video of neighbor being ‘killed’ instead of helping Saturday 4:14 PM
- How to stream Saints vs. Bears in Week 7 Saturday 3:25 PM
If for some unholy reason you haven’t changed your Yahoo password since 2012, we have some bad news: You’ve probably been hacked.
Yahoo’s statement reads:
A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.
Yahoo’s admission was first reported by Recode’s Kara Swisher, a longtime tech reporter with deep ties in the industry.
The admission of a major breach would come at an inopportune time for Yahoo, which is in the midst of selling its core business to Verizon for $4.8 billion.
The hack itself is not exactly news. On Aug. 1, Motherboard’s Joseph Cox reported that someone—a cybercriminal known as “Peace” or “Peace of Mind”—was claiming to be selling hundreds of millions of Yahoo passwords on the dark net. Cox obtained a small portion of the data—around 5,000 logins—and many of the accounts he tested matched real Yahoo accounts, although some had been shut down.
At this point, users should assume that the breach is legitimate, simply for their own digital safety. You can also type in your email address in the Leaked Source search tool to see if your Yahoo account (or any account linked to your address) has been compromised.
And seriously, if you are still using any passwords from 2012, do yourself a favor and go update those now.
Update 1:40pm CT, Sept. 22: Yahoo has now confirmed the breach.
Andrew Couts is the former editor of Layer 8, a section dedicated to the intersection of the Internet and the state—and the gaps in between. Prior to the Daily Dot, Couts served as features editor and features writer for Digital Trends, associate editor of TheWeek.com, and associate editor at Maxim magazine. When he’s not working, Couts can be found hiking with his German shepherds or blasting around on motorcycles.