Tech

‘State-sponsored’ Yahoo hack exposed 500M users

Yahoo said a massive hacking attack in 2014 was likely “state sponsored” — and compromised the account information of 500 million users.

The struggling Web pioneer said Thursday the stolen info included names, e-mail addresses, phone numbers, dates of birth, passwords and, in some cases, encrypted or unencrypted security questions and answers.

Yahoo’s probe of the breach — the biggest ever in terms of the number of accounts affected — turned up no evidence that hackers got credit-card data or bank account information, it said, noting it doesn’t store that on the affected network.

“The investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network,” the company said in a statement, without naming the country.

Yahoo is working “closely with law enforcement” as a probe of the incident continues, it said.

Analysts said the breach could end up lowering the $4.8 billion price that Verizon Communications agreed to pay to acquire Yahoo this summer.

“We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact,” Verizon said, adding it had learned of the breach two days earlier.

Yahoo said it’s notifying affected users and has taken steps to secure their accounts, including asking potentially affected users to change their passwords.

Yahoo said earlier this summer that it was investigating a data breach after hackers boasted about the attack.

A hacker named “Peace” claimed to have stolen info from 200 million Yahoo users from 2012 and, on the so-called “dark Web,” was demanding $1,800 from every affected user.