Yahoo Inc. said Thursday that hackers have compromised the personal information of at least half a billion of its users, in one of the largest security breaches of the Internet age.
The company said that it believes the hack was carried out by “a state-sponsored actor”-- in other words, the attack was financed by an unnamed foreign government. The stolen data is believed to include names, e-mail addresses, telephone numbers, dates of birth, and encrypted passwords.
But Yahoo said that the thieves did not gain access to computers containing unprotected passwords, payment card data, or bank account information. Yahoo urged its users to check their accounts for signs of suspicious activity and to change their passwords and security questions immediately.
Users of Yahoo Mail are also urged to beware of suspicious e-mail messages. These could be fraudulent “phishing” messages sent to people whose addresses have been stolen, seeking to get further data.
Bruce Schneier, a fellow at the Berkman Klein Center for Internet & Society at Harvard University, said the Yahoo breach was very serious, because so many Internet users now routinely store sensitive information on Internet-based systems. “We no longer keep our stuff on our computers,” said Schneier. “We keep our stuff on their computers.”
But Schneier said that consumers are still better off relying on cloud-based services because despite the occasional data breach, these systems are still more secure than the typical home computer. “For most people,” he said, “these companies do a much better job of protecting their data then they do.”
Yahoo, founded in 1994, is one of the world’s leading online destinations. In the United States alone, the company’s various Internet services attract over 200 million unique visitors per month, making it the third most popular Internet destination after Google and Facebook. In July, Yahoo agreed to be acquired by Verizon Communications Inc. for $4.83 billion.