Seven Network Partner Yahoo Hacked, 500M Users Exposed
FORTUNE: Yahoo, which partners with the Seven Network in Australia, has admitted to a hack in 2014 that left the data of 500 million users exposed. The company also blamed an unnamed nation state for the hack.
Hints of an epic breach came in summer, when a dark web dealer called Peace offered 200 million usernames and passwords of Yahoo users on a Tor-based market called The Real Deal, as reported by Vice Motherboard. Rumours then emerged Yahoo was ready to admit the breach, but it’s now confirmed the hack was even bigger than first indicated.
“We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” said Bob Lord, chief information security officer at Yahoo. It should be noted that bcrypt is a very strong hashing algorithm. Hashing uses maths to turn plain text into nonsense, and the harder the algorithm is to crack, the harder it is to uncover the original password.
“Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.”
Lord noted that bank data was not stolen, as far as the investigation had determined, and that affected individuals would be notified. He recommended all users who hadn’t changed their passwords since 2014 should do so. Security questions have also been reset by Yahoo.