Yahoo confirms 500 million user accounts were hacked

Yahoo has confirmed that personal information from at least 500 million users was stolen in an attack on its accounts in 2014 by what the tech company called a "state-sponsored actor".

Yahoo CEO Marissa Mayer
Yahoo CEO Marissa Mayer

The information may include names, email addresses, telephone numbers, dates of birth, encrypted passwords, and, in some cases, encrypted or unencrypted security questions and answers, said Yahoo.

It added that there was no indication that payment card data, bank account details, or unprotected passwords had been stolen, or that the attacker was still in the network. Affected users are being notified and accounts being secured, Yahoo said.

Yahoo used its announcement to detail the steps it was taking to protect users and make security recommendations. "Yahoo is working closely with law enforcement on this matter," chief information security officer Bob Lord said.

The revelation comes at a difficult time for Yahoo, as it undergoing a $4.83bn (£3.68bn) takeover by Verizon, expected to be completed in early 2017.

Yahoo had begun investigating in July, after hackers claimed to have access to hundreds of millions of accounts. In August, a high profile hacker advertised the details of 200 million Yahoo users for sale on the dark web, with an asking price of 3 bitcoins ($1,795 or £1,386). The hacker, Peace, had previously sold stolen Myspace and LinkedIn data.

Commenting on the breach, Jane Frost, chief executive of the Market Research Society, said: "This latest breach highlights how organisations can fall foul to having inadequate data protection policies in place.

"It’s fundamental to good business practice to embed the right data structures to safeguard the data we all rely on for commercial and public services."

Dom Waghorn, strategy director at WPP-owned digital agency, Syzygy, said:  "Breaches like these contribute to the very real risk that users will stop signing up for online services and setting up accounts. That would run contrary to the industry desire to offer personalised, tailored digital experiences – if the end user isn’t known, those experiences simply can’t be offered.

"Shorter-term, it’ll be interesting to see if there’s a legislative response to this from the likes of the EU, and more crucially, how Verizon deals with a Yahoo brand that’s fallen a long way since it’s $125bn market cap 17 years ago."

Subscribe to Campaign from just £57 per quarter

Includes the weekly magazine and quarterly Campaign IQ, plus unrestricted online access.


Looking for a new job?

Get the latest creative jobs in advertising, media, marketing and digital delivered directly to your inbox each day.

Create an Alert Now

1 Martin Freeman fronts Vodafone UK's first integrated ad campaign by Ogilvy

The Hobbit and Sherlock star Martin Freeman plays a rude wedding guest in Vodafone's first integrated ad campaign since the telecoms giant moved its UK ad business to Ogilvy & Mather earlier this year.

Case study: How 'This girl can' got 1.6 million women exercising

1 Case study: How 'This girl can' got 1.6 million women exercising

"This girl can" was based on a powerful insight: that the fear of judgement by others is the primary barrier holding women back from participating in sport.

Just published