Press. voanews.com.
Yahoo Inc. said
on Thursday information for at least 500 million user accounts was stolen from
its network in 2014 by what it believed was a state-sponsored actor, a theft
that appeared to the biggest cyber breach ever.
Yahoo said data
stolen may have included names, email addresses, telephone numbers, dates of
birth and encrypted passwords but that unprotected passwords, payment card data
and bank account information did not appear to have been compromised, the
company said.
"This is
the biggest data breach ever, said well-known cryptologist Bruce Schneier.
He said it was
too early to say what impact the breach might have on Yahoo and its users
because many questions remain, including the identity of the state-sponsored
hackers behind it.
Three U.S.
intelligence officials, who declined to be identified by name, said they
believed the attack was state-sponsored because of its resemblance to previous
hacks traced to Russian intelligence agencies or hackers acting at their
direction.
Yahoo said it
was working with law enforcement on the matter. The FBI said it was aware of
the matter, and the U.S. Secret Service was not immediately available for
comment. "The investigation has found no evidence that the state-sponsored
actor is currently in Yahoo's network," the company said.
Shares of Yahoo
stock were barely changed for the day after the news, while shares of Verizon
Communications, which has agreed to buy the company's Internet business, were
up about 1 percent.
It was not clear
how this disclosure might affect Yahoo's deal with Verizon.
Verizon, which
announced in July an agreement to buy Yahoo's core internet properties for
$4.83 billion, said in a statement it was made aware of the breach within the
last two days and had limited information about the matter.
"We will
evaluate as the investigation continues through the lens of overall Verizon
interests, including consumers, customers, shareholders and related communities,"
the company said. Technology website Recode first reported Tuesday that Yahoo
planned to disclose details about a data breach affecting hundreds of millions
of users.
That followed an
August 1 story on the technology news site Motherboard, which said a cyber
criminal known as Peace was selling the data of about 200 million Yahoo users
but did not confirm its authenticity. Peace has previously claimed
responsibility. Peace also previously attempted to sell on a hacker forum
information purportedly belonging to hundreds of millions of accounts at
MySpace and LinkedIn, including names, passwords and email addresses.