The Yahoo breach first broke in August when a hacker called Peace was promising to sell 200 million usernames, passwords, birthdates, and email addresses for less than US$2,000. Yahoo wouldn’t confirm the legitimacy of the attack but now we finally get confirmation that the company was victim of a “state-sponsored” attack back in 2014. Yahoo elaborated on a statement on its investor relations site the types of data the hackers might have had access to. "The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers," the statement reads. This doesn’t include sensitive payment information but the hack is considered large enough that Yahoo is working with law enforcement to see what happens.

There is no word yet if there will be a government investigation brought about by this incident. Yahoo hasn’t also said why it took so long to publicly confirm the report. It could do with the fact that the beleaguered company is selling itself to Verizon and the news could cause harm to the deal before it officially closes in early 2017.

Source: Engadget