Yahoo confirms ‘state-sponsored’ hackers stole data from 500m accounts

Posted by Geraldine Hunt on Fri, Sep 23rd, 2016

According to Reuters, Yahoo Inc said on Thursday that information associated with at least 500 million user accounts was stolen from its network in 2014 by what it believed was a "state-sponsored actor."

Details include names, passwords, email addresses, phone numbers and security questions. The company says the passwords that hackers stole were encrypted. Criminals use compromised data of this kind to hijack user identities for fraudulent purposes. Users should be wary of any emails purporting to come from Yahoo, particularly if they prompt users to click links, download attachments or give out personal information. Yahoo is blaming the hack on a “state-sponsored actor.”

It's the largest-ever publicly disclosed data breach, and it could affect a lot more than your email account. Apart from the scale of this breach, which impacts half a billion users, what’s astonishing is how long it took Yahoo to discover the breach. Many high-profile companies have suffered serious data breaches, including LinkedIn and Sony. The compromised security at Sony, the global games company, allowed criminals to access data from 20 million accounts, including email addresses, phone numbers, passwords, and in some cases credit card numbers.

Below are the 5 largest previous breaches, according to

  • MySpace: 359 million accounts
  • LinkedIn: 164 million accounts
  • Adobe: 152 million accounts
  • Badoo: 112 million accounts
  • VK: 93 million accounts

Breach raises questions

The timing of all this could not be worse for Yahoo. It had agreed a deal in July to sell its internet business to Verizon for $4.8bn. Last night's breach announcement must raise questions about the completion of that deal. What is surprising is that Verizon only learned about the issue in the last two days, and claims to have limited information about it.

Password Security

Yahoo is recommending that people change their password, and also change the password anywhere else they may have re-used that information. Ideally, they should stop re-using passwords altogether.

IT managers are more aware of password security than most, not least because there are serious consequences for them when company and financial systems are at risk. A data breach can often take time to be noticed, but it eventually comes to light through identity theft, lawsuits or substantial corporate expenses.

Your new strong passwords should use all of the following:

  • More than seven characters
  • Upper and lower case letters
  • Numbers
  • Special characters

One more word of caution. Hackers know that any large data compromise, like the Yahoo attack, will make people nervous. It’s their favorite time to send out phishing emails with the end goal of getting people to change their passwords on fake websites with fake login screens. Passwords should always be updated by going directly to the site, never by clicking on a link in an email. Remember, network security is all about layers: always keep anti-spam, antivirus and other network security solutions updated.

If you'd like to talk to a security specialist about any network security issues email us at 
