Yahoo has announced that “a state-sponsored actor” has gotten hold of a copy of US account details including password hashes, — machine-scrambled passwords that are sent and exclusively accepted by receiving servers — unencrypted and encrypted security questions and answers and vital specs like names, email addresses, phone numbers and dates of birth. The data dates back to late 2014.
As of this point, it seems that no unhashed passwords were obtained as well as payment or bank account information. Users are being notified and urged to be vigilant for suspicious emails asking for credentials or any unsolicited account activities and to change their passwords if they have not done so since 2014. The company’s investigation is ongoing.
Verizon is in the process of acquiring the former search giant at a price of $4.83 billion.