User information including name, email address, telephone number, date of birth, passwords, and, in some cases, security questions and answers were stolen from Yahoo in late 2014, the company said today, adding it suspects a "state-sponsored actor" was behind the massive incursion.
"Yahoo encourages users to review their online accounts for suspicious activity and to change their password and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account," the company said. "The company further recommends that users avoid clicking on links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information."
Yahoo also suggested consumers use
No payment data
Stolen information did not include payment card data, or bank account information, Yahoo said. Payment card data and bank account information are not stored in the system that the investigation has found to be affected.
Yahoo said it was notifying potentially affected users.
Verizon agreed to buy the struggling internet company for $4.8 billion in July, as part of its strategy to add compelling content to its wireless services. It also bought AOL, including The Huffington Post, earlier.
Critics were quick to pronounce the breach a disaster for the rapidly fading giant.
“Yahoo may very well be facing an existential crisis. Already besieged by business execution issues and enduring a fire sale to Verizon, this may be the straw that breaks the camel’s back," said Corey Williams, senior director of products and marketing at Centrify, an internet security company. "Since this breach occurred in 2014, it wasn’t properly communicated or handled, and it may very well give Verizon an 'out' or a reason to renegotiate."
Williams said the incident was "less of a story about ... passwords being exposed and more about how lax security and poor handling of incidents can impact the very existence of a company."