Yahoo hack hit 500 million users and may be state-sponsored, tech firm reveals

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

Yahoo confirmed that an apparent “state-sponsored actor” stole information associated with some 500 million user accounts.

The information could include names, email addresses, telephone numbers, dates of birth and hashed passwords but might not include unprotected passwords, payment card data or bank account information, the tech giant said.

More sensitive information, such as credit card data, bank account numbers, and unprotected passwords were unlikely to have been included in the stolen information.

Yahoo says the breach occurred in late 2014. The information released by the company at this time does not appear to indicate which goverment orchestrated the security breach.

Cybersecurity expert Graham Cluley told The Independent that there are a number of state entities that could be behind the attack, and Yahoo would need to release more information to make such a determination.

"There are hackers all around the world. I think it's far too early to know that this smells of North Korea, or something like that," he said. "There are many countries who would probably be interested in breaching yahoo – not to say the US itself, which has broken into Yahoo and Google's data centres to access data before."

What is unusual about the company's claim, Mr Cluley added, is that state-sponsored hacks are tyically more targeted than what appears to have happened to Yahoo. But pointing the finger at government actors could prove slightly better for a tech company's public image.

"Let’s put it this way, If I were running a really big company and 500 milion of my users just had their accounts compromised," he said "I would be awfully pleased if I determined that it was a state-sponsored attack than some 16-year-old kids. It sounds less embarrassing."

State-sponsored hacks have been a running topic of conversation throughout the US presidential election, as the Hillary Clinton campaign was the target of hackers believed to be from Russia. Later, the Democratic National Convention fell victim to a massive hack believed to have been sponsored by Russia, as well.

The Clinton campaign first connected Russia to the email dump in July, expressing concerns that the Putin administration was attempting to tamper with the outcome of a presidential election.

“What’s disturbing to us is that experts are telling us Russian state actors broke into the DNC, stole these emails, and other experts are now saying that the Russians are releasing these emails for the purpose of actually helping Donald Trump,” said Clinton campaign manager Robby Mook.

Nevertheless, Yahoo urges its users that their information will be kept safely moving forward.

“An increasingly connected world has come with increasingly sophisticated threats. Industry, government, and users are constantly in the crosshairs of adversaries,” Yahoo said in a statement.

“Through strategic proactive detection initiatives and active response to unauthorized access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure.”

The tech firm said it was working with law enforcement as it sought to respond to the attack.