Yahoo has confirmed the mother of all data breaches — 500 million user accounts compromised back in late 2014 — and is laying blame at the foot of a “state-sponsored actor.”
The stolen data may have included names, email addresses, phone numbers, birthdays, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers, Yahoo said in a press release Thursday.
The confirmed hack has massive business implications, as the $4.8 billion sale of Yahoo’s core internet business to technology giant Verizon is still pending. The new owners would be taking on massive liability, which could change the terms of the transaction.
Yahoo is encouraging all users to change their passwords, security questions and security answers for their Yahoo accounts and any other accounts for which they may have used the same information.