Yahoo has admitted to having suffered one of the largest data-breaches of the decade. According to the information provided, some 500 million user accounts were stolen during an attack in 2014; and the internet giant believes that it was the work of state-sponsored hackers.
Rumours had earlier been floating around that an attack on Yahoo had exposed a large number of accounts. Initial reports indicated that the number was around the 200 million, although it is now known to have been a very conservative estimate.
The information stolen covers email addresses, user names, passwords, dates of birth, and unencrypted security questions. However, payment information and credit card numbers do not appear to have been affected in the attack. Despite this small comfort, the stolen information has been seen for sale on the Dark Web.
It is uncertain as to why Yahoo is claiming that the attack is the work of state sponsored attackers, and the company has not pointed any fingers. All Yahoo users are advised to change their passwords and security questions, as well as implement two stage authentication. That being said, it might already be too late considering how long it took to notice the breach.
[Source: Yahoo Investor Report]