The breach, disclosed Thursday, is the latest setback for the beleaguered internet company, and dates back to late 2014.
That’s when high-tech thieves hacked into Yahoo’s data centers, the company said.
But Yahoo only recently discovered the break-in as part of an ongoing internal investigation.
The stolen data includes users’ names, email addresses, telephone numbers, birth dates, hashed passwords, and the security questions – and answers – used to verify an account-holder’s identity.
Last month, the tech site Motherboard reported that a hacker who uses the name “Peace” boasted that he had account information belonging to 200 million Yahoo users and was trying to sell the data on the web.
Yahoo recommends that users change their passwords if they haven’t done so since 2014.
The Sunnyvale, California, company said its investigation so far hasn’t found any evidence that information about users’ bank accounts or credit and debit cards were swiped in the hacking attack.
It said it has “no evidence” that the attacker is still in Yahoo’s network.
News of the security lapse could cause some people to have second thoughts about relying on Yahoo’s services, raising a prickly issue for the company as it tries to sell its digital operations to Verizon Communications for $4.8 billion.
That deal, announced two months ago, isn’t supposed to close until early next year. That leaves Verizon with wiggle room to renegotiate the purchase price or even back out if it believes the security breach will harm Yahoo’s business.
That could happen if users shun Yahoo or file lawsuits because they’re incensed by the theft of their personal information.
Verizon said it still doesn’t know enough about the Yahoo break-in to assess the potential consequences.
“We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities,” the company said in a statement.
Comments are not available on this story. Read more about why we allow commenting on some stories and not on others.
We believe it's important to offer commenting on certain stories as a benefit to our readers. At its best, our comments sections can be a productive platform for readers to engage with our journalism, offer thoughts on coverage and issues, and drive conversation in a respectful, solutions-based way. It's a form of open discourse that can be useful to our community, public officials, journalists and others.
We do not enable comments on everything — exceptions include most crime stories, and coverage involving personal tragedy or sensitive issues that invite personal attacks instead of thoughtful discussion.
You can read more here about our commenting policy and terms of use. More information is also found on our FAQs.
Show less