Yahoo received an anonymous tip about a hacker who calls himself, Peace or Peace of Mind, that 200 million account’s information was compromised back in July. He was seen selling 200 million Yahoo user account information on the dark web. Yahoo had also been going through the work and deal to sell its main business operations to Verizon also since July. Verizon claims that it knew nothing about a possible breach or anything regarding the breach until this past Thursday when Yahoo went public with its situation.
The anonymous tip triggered an investigation by Yahoo which actually uncovered that 500 million user’s information was compromised, since 2014. The information stolen includes names, email addresses, dates of birth, phone numbers, password information and possibly even the security question answers, as stated by Yahoo. The hackers received the hashed passwords of all compromised users. The hackers did not receive information on users payment card data or bank information because the information is not stored in the system that has not been affected so far in the investigation, says Yahoo.
Security experts from Symantec who are looking into the breach now, suspect it is an attack from a nation state, suggesting Russia. They suspect it to be a nation state because a nation state would practically be the only entity to have enough resources to both break the encrypted passwords and enact anything malicious with that information, on the scale that was stolen.
The 4.83 billion deal with Verizon has obviously taken a blow. The SEC is also very likely to follow up with an investigation of Yahoo, to investigate whether or not they were withholding information from stockholders and the market.
Not very much detailed information has been released on this breach so far. Yahoo has only suggested its users change their passwords and other account passwords if you tend to use similar or the same password for other accounts.