"We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers."There's good news and bad news. First the bad news. Yahoo's investigation into the security incident suggests the unnamed state-sponsored actor made off with at least 500 million of its users' account information. The good news? The American technology company's security team has found no indication that the hackers made off with unprotected passwords, payment card data, or banking information.
"An increasingly connected world has come with increasingly sophisticated threats. Industry, government and users are constantly in the crosshairs of adversaries. Through strategic proactive detection initiatives and active response to unauthorized access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure."As of this writing, the company is working with law enforcement as it continues to investigate the breach.