Legal Disclosure    Advertiser Disclosure

Yahoo Confirms Massive Data Breach: What You Need to Know

Published September 22, 2016   |   10 min. read

Constance Brinkley-Badgett

 Constance is a former editor at Credit.com. Prior to joining us, ... Read More
1 comments

Yahoo confirmed a massive data breach Thursday that compromised an estimated 500 million users’ personal details.

The announcement follows a Yahoo investigation into claims that a hacker going by the name “Peace” was trying in early August to sell the usernames, passwords and dates of birth of Yahoo account users on the dark web.

The investigation found that “certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” Yahoo said in a news release. “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.”

The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected, Yahoo said. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.

Yahoo is notifying potentially affected users and has taken steps to secure their accounts. These steps include invalidating unencrypted security questions and answers so they cannot be used to access an account and asking potentially affected users to change their passwords. Yahoo is also recommending that users who haven’t changed their passwords since 2014 do so.

Keeping Your Information Safe

If you ever have reason to believe a password to any of your accounts has been compromised, it’s a good idea to change it immediately. And you’ll want to do that across any account that shares the same password (not a best practice, by the way) as the affected one since hackers who obtain one username and password may try to use it to gain access elsewhere.

Remember, to keep passwords long and strong by using alphanumeric characters and phrases that can’t easily be guessed via social media (like, say, your pet names.) And, if you ever have reason to believe your personal information was hacked, it’s a good idea to monitor your credit for signs of identity theft. You can view a free credit report summary, updated every 14 days, on Credit.com.)

Image: Nicolas McComber

You Might Also Like

A father and teenage son sit out on a porch with a laptop discussing how to add rent and utilities to your credit report.

How to Add Rent and Utilities to Your Credit Report

Find out if your rent and utility payments are reported on your c... Read More

April 11, 2023

Uncategorized
A father and son smile at each other

How Long Does It Take for an Authorized User to Show on Your Credit Report?

Becoming an authorized user is a common tip for individuals tryin... Read More

September 13, 2021

Uncategorized
A woman shakes the hand of the man who interviewed her.

8 Simple Steps for Finding a New Job

Long-term unemployment can really hurt—and not just financially... Read More

August 4, 2021

Uncategorized