Yahoo Inc. confirmed Thursday, September 22, 2016, that its systems fell victim to hackers in late 2014. In a press release, Yahoo stated that a recent investigation revealed that a copy of the information had been stolen from its network in late 2014 by what the company believes to be a “state-sponsored actor.” According to Yahoo, the stolen data included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted and unencrypted security questions with answers. No payment card information appears to have been compromised.
Hashing passwords prevents passwords from being read in their plain text. Yahoo said that the “vast majority” of Yahoo account passwords were protected by this hashing function. Unprotected passwords were not affected.
Yahoo is working closely with law enforcement on the matter and recommends that anyone who has not changed their passwords since 2014 do so immediately. Users should monitor their accounts for suspicious activity and change passwords or security questions that rely on the same information as that affected by the breach.
In recent years, Yahoo launched a program to detect and notify users when there is a strong suspicion that an account has been targeted. Since the launch of this program in December 2015, about 10,000 users have received notice of threats.