With just months to go before it’s set to be acquired by Verizon for $4.83 billion, Yahoo confirmed today that a massive data breach four years ago affected some 500 million Yahoo users.
First reported by Motherboard in early August, the breach came to light after the Yahoo credentials were listed for sale on the dark web. Offered by a hacker using the name “Peace” for the price of three bitcoins (about $1,800), the user data appeared to have been taken in a breach that occurred in 2012.
“We are aware of a claim,” a Yahoo spokesperson first told us on August 2. “We are committed to protecting the security of our users’ information and we take any such claim very seriously.”
Confirmation Anticipated Today and Later Confirmed
In a report published earlier today, tech site re/code cited “several sources close to the situation” who said Yahoo would soon confirm the massive 2012 breach of user accounts. Noting that legal action and government investigations were likely, those sources told re/code the breach was widespread and serious. “It’s as bad as that,” according to one source. “Worse, really.”
Security developer Troy Hunt was among those closely watching the Yahoo developments today. Hunt, who runs the breach-related Web site “Have I been pwned?”, noted in several tweets today that he and others had received email or sign-on notifications from Yahoo recommending a change in passwords to secure their accounts.
“More Yahoo breach indicators (this could happen any time, but a lot of signals lining up at once right now),” Hunt said on Twitter earlier this morning.
Official confirmation came mid-day today, when Yahoo chief information security officer Bob Lord confirmed in a post on the company’s Tumblr account that “information associated with at least 500 million users accounts was stolen” in late 2014…