Yahoo was reportedly hacked a few years ago, with the usernames and passwords of some 200 million account holders put up for sale on the dark web by 'Peace' on the Tor-based market 'The Real Deal'. Yahoo was said to be close to admitting the hack; it has now done so, and the breach is even bigger than previously thought.
Chief Information Security Officer at Yahoo, Bob Lord, said: "We have confirmed that a copy of certain user account information was stolen from the company's network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers".
Bcrypt, the hashing algorithm used for the vast majority of the passwords, is very secure and hard to break. Lord added that while no bank data was stolen, users should change their passwords. Lord added: "Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network. Yahoo is working closely with law enforcement on this matter".