Yahoo on Thursday confirmed the data, "connected with at least 500 million user accounts" that were stolen. Theft has become one of the largest ever breaches of cybersecurity.
The company said that the government has initiated data theft, and this means violation of individual, acting on behalf of the government. A violation is said to have occurred at the end of 2014.
"Account information can contain names, email addresses, phone numbers, dates of birth, passwords (the vast majority with Bcrypt), and in some cases, the encrypted questions about security and the responses to them," the statement reads Yahoo.
Yahoo urges users to change their password for security and to review their accounts for suspicious activity. Financial data such as Bank account numbers and credit card data were not included in the stolen information, in accordance with the statements by Yahoo. Yahoo is working with law enforcement to learn more about the breach.
"The FBI is aware of the infiltration and investigation of this issue," said an FBI spokesman. "We take these violations very seriously, and will determine how this happened and who is responsible. We will continue to work with the private sector and to share information, so they can protect their systems from the actions of persistent cybercriminals."
Rumors about large-scale theft first appeared in August, when a hacker who goes by the nickname "the World" claimed to have sold the data of 200 million users of Yahoo in the Internet. The same hacker earlier claimed to have sold a stolen account from LinkedIn (LNKD, Tech30) and MySpace.
Yahoo initially said that they were "aware of demand" and investigated the situation. Almost two months later, it appears that the situation is even worse.
U.S. Senator Richard Blumenthal called for more stringent legislation to "ensure that companies properly and timely notify consumers when their data has been stolen."
Data breach occurs at a difficult time for Yahoo.
Verizon (VZ, Tech30) has agreed to purchase Yahoo shares at the end of July, just a few days before it was first reported by the hacker. The transaction is expected to be completed in the first quarter of 2017.
Verizon said that only learned about the violation this week. "In the past two days, we were notified about the incident," the representative said Verizon in a statement. We understand Yahoo is actively investigating this issue, but in this case we have limited information."
Mega-breach could create a headache for both companies, including media attention and scrutiny by regulatory authorities.
sections: World News, Economics, Accidents