Yahoo Confirms 500 Million Accounts Stolen

In recent news, Yahoo confirmed that 500 million user accounts were stolen in late 2014. This one instance of data loss is said to constitute the largest cyber security breach in history. Yahoo has publicly stated that they believe that someone who was acting on behalf of the government was actually responsible for the data breach. They have gone so far as to describe the individual as being “state-sponsored.”

Quick Facts On the Yahoo Data Breach: Largest Cyber Security Breach in History

Data Involved in the Breach: Information accessed during the data breach include: names, email addresses, phone numbers, birthdates, partial passwords (referring to passwords presented while hashed and with bcrypt), as well as some security Q&As.

Data Believed NOT to be Involved in the Breach: Bank account numbers and credit card data are believed NOT to be included in the stolen information.

Yahoo Recommended User Response: Yahoo encouraged users to alter their passwords and security questions as well as review their accounts for any suspicious activity.

Yahoo advised the public that they would continue to work with law enforcement to address the data breach. Rumors of the large-scale data breach started circulating in August when a hacker (“Peace”) claimed to be selling data pulled from 200 million online Yahoo users. Previously Peace claimed to sell account information stolen from LinkedIn and MySpace. When rumors began to circulate, Yahoo claimed they were aware of the situation and were conducting an investigation. It turns out the situation was even worse than rumors indicated.

The hack is being described by experts as “massive” and is expected to have a ripple effect online for years. In response to this and other, similar, situations, U.S. Senator Richard Blumenthal is calling for tougher legislation to require companies to provide prompt notification to consumers in the event customer data is compromised.

For more information on customer database breaches and appropriate notification of breaches as required by law, please contact the experienced southern California employment law attorneys at Blumenthal, Nordrehaug & Bhowmik.