At least half a billion Yahoo accounts have been breached by what investigators believe is a nation-sponsored hacking operation. Attackers probably gained access to a wealth of holders' personal information, including names, e-mail addresses, phone numbers, birth dates, answers to security questions, and cryptographically protected passwords.
Yahoo Chief Information Security Officer Bob Lord dropped that bombshell announcement on Thursday afternoon, several hours after news site Recode reported the company was poised to disclose a compromise affecting several hundred million accounts. With at least 500 million accounts included in Yahoo's official statement, the breach is among the biggest ever to hit a single Web property.
"We have confirmed, based on a recent investigation, that a copy of certain user account information was stolen from our networks in late 2014 by what we believe is a state-sponsored actor," Lord wrote. "The account information may have included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers."