Yahoo confirms breach of 500M accounts

UPDATED: Yahoo released a statement Sept. 22 announcing that the details of 500 million accounts were compromised in 2014 by a state-sponsored actor. The stolen information includes names, email addresses, telephone numbers, birth dates, hashed passwords, and some security questions and answers. The statement also encourages the use of a Yahoo Account Key, a system that uses a mobile app to allow account access.

Yahoo will confirm a data breach that resulted in 200 million stolen user credentials, according to a Recode report.

Yahoo is in the middle of selling off its core business to Verizon Communications for $4.8 billion. Confirming a breach could have an impact on the price, according to Recode.

News of the breach broke in August when a cyber criminal known as Peace offered to sell 200 million alleged Yahoo user credentials for three bitcoins (or a little more than $1,800 at the time). A Motherboard analysis of the sample data found usernames, hashed passwords, birth dates and some backup email addresses from accounts from 2012.

Recode reports that Yahoo didn’t confirm whether the accounts were legitimate nor require users to reset passwords.

If Yahoo confirms the breach, it’s just another in a list of mega breaches that recently came to light. Others include 33 million Russian instant messenger accounts, 68 million Dropbox accounts and 43 million Last.FM accounts.