Update: Yahoo has confirmed the data breach, and says the leaked information pertains to 500 million accounts and dates back to 2014. The leaked data "may have included names, email addresses, telephone numbers, dates of birth, hashed passwords [...] and, in some cases, encrypted or unencrypted security questions and answers." The company will be notifying affected users. We urge anyone with a Yahoo account to change their password immediately. The original story follows below:
Technology news website Recode reports former web search leader Yahoo may imminently acknowledge a massive data breach. The site claims that "several hundred million" user accounts may have been compromised.
Rumors of a breach began circulating back in August when a black hat hacker going by the name "Peace" claimed to have data pertaining to 200 million breached accounts for sale. At that time, a Yahoo spokesperson admitted the company was investigating the claim.
Recode's sources did not provide specific information on the timing the extent of the breach. According to the site, Peace claimed the data for sale was of 2012 vintage. The black hat claimed the data includes user names, MD5-hashed passwords, birth dates, and email addresses. Peace did not state whether Flickr and Tumblr accounts, which use Yahoo logins, are likewise affected.
Yahoo reached an agreement to sell itself to Verizon for $4.8 billion on July 25 (excluding Yahoo's 15% stake in Chinese e-commece giant Alibaba). ETF Daily News suggests that "that deal could now be in jeopardy, at least from a price perspective, as Verizon is sure to investigate the issue and possibly ask for a lower price."
Regardless of the age of the data contained within the alleged breach, we suggest that users with Yahoo accounts change their login credentials as soon as possible.