Yahoo breach

Yahoo has announced that at least 500 million of their user accounts have been compromised in a breach that occurred in late 2014, making it the largest password breach in history. The breach is believed to have compromised the names, email addresses, telephone numbers, dates of birth, hashed passwords, and, in some cases, encrypted or unencrypted security questions and answers.


Announced: September 22, 2016

Description of the breach: On September 22, 2016 Yahoo announced that at least 500 million of their users had their account information compromised in a state sponsored hack that occurred in late 2014. Tumblr, a social media website owned by Yahoo was not affected in the breach.

Users that have not changed their password and security questions since 2014 are being advised to do so immediately. In addition, Yahoo is advising all users to be cautious of any unsolicited communications from a source claiming to be Yahoo or any “help center” as hackers tend to use the information from large data breaches in phishing scams to lure individuals into clicking dangerous links, or to convince consumers to give up private information. Yahoo is also reminding users that the company never charges for technical support, and anyone that is charging a fee for help related to this breach, is most likely a fraud.

Because many consumers reuse their passwords across multiple sites, those accounts are likely susceptible to hacking if the account holders uses the same login/password combination elsewhere. If you reuse your Yahoo password or suspect you may have, it is advisable that you change your passwords on those accounts immediately.

Data breach period: Late 2014

Official information from Yahoo:

Yahoo Questions and Answers regarding the breach:

Yahoo Help Center:

More coverage of this breach: New York Times and USA Today