Yahoo Reveals 500 Million Users Are Affected by Data Breach … From 2014

This article is over 7 years old and may contain outdated information

Recommended Videos

Regular reminder to change your password! Yahoo suffered a security breach back in late 2014, and in August of this year, a hacker named “Peace” was found to be shopping around 200 million usernames and passwords for sale online. Now, Yahoo has revealed that the data breach affected as many as 500 million users and compromised a lot of information, though reportedly not financial data.

In a help post geared towards users trying to figure out how much danger their information is in, Yahoo said that the breach included, “names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.” Yahoo doesn’t believe any unencrypted passwords were involved, and they say that bank and bank card information isn’t even stored in the same system as the one affected.

Still, they recommend that any users who are concerned about their data should change their passwords anyway, and BBC News says that UK Internet Service Providers that use Yahoo as the basis for their users’ email accounts have also urged password changes. Hopefully, everyone has already changed their password since 2014 already, being that it’s almost 2017, but who has the patience to change all their passwords regularly?

Yahoo says they believe the attack to be “state-sponsored,” but they’re not clear on exactly what government is behind it. The FBI is looking into those claims, but it’s unnerving that it took until now to warn users about a data breach that happened so long ago, and seemingly only because the data going on sale let the cat out of the bag. Even Verizon, currently in the process of purchasing Yahoo, only became aware of the breach “within the last two days,” as they told the BBC.

The once mighty Internet company has been fighting for relevance for a while, but I’m not sure hiding a massive data breach for years is the ideal way to achieve it.

(via Deadline, image via Neon Tommy on Flickr)

Want more stories like this? Become a subscriber and support the site!

The Mary Sue has a strict comment policy that forbids, but is not limited to, personal insults toward anyone, hate speech, and trolling.—

Follow The Mary Sue on Twitter, Facebook, Tumblr, Pinterest, & Google+.

The Mary Sue is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
Image of Dan Van Winkle
Dan Van Winkle
Dan Van Winkle (he) is an editor and manager who has been working in digital media since 2013, first at now-defunct Geekosystem (RIP), and then at The Mary Sue starting in 2014, specializing in gaming, science, and technology. Outside of his professional experience, he has been active in video game modding and development as a hobby for many years. He lives in North Carolina with Lisa Brown (his wife) and Liz Lemon (their dog), both of whom are the best, and you will regret challenging him at Smash Bros.