Technology firm Yahoo says “state-sponsored” hackers stole information from about 500 million users in what appears to be the largest publicly disclosed cyber-breach in history.
The breach included swathes of personal information, including names and emails, as well as “unencrypted security questions and answers”.
What is peculiar about the news is that the hack took place in 2014, but has only now been made public.
The FBI has confirmed it is investigating the claims. On Thursday 22 September 2016, Yahoo confirmed the breach was far bigger than first thought.
Stolen data includes names, email addresses, telephone numbers, dates of birth and encrypted passwords, but not credit card data, Yahoo said.
It said the information was “stolen by what we believe is a state-sponsored actor” but did not say which country it held responsible.
It is not only the largest hack by the number of accounts lost, but might be one of the most significant of recent years. It threatens to derail the company just as it is being bought by Verizon – a deal that was thought by some to be its saviour.
News of a possible major attack on the technology firm emerged in August 2016 when a hacker known as “Peace” was apparently attempting to sell information on 200 million Yahoo accounts.
Yahoo is recommending all users should change their passwords if they have not done so since 2014.