Yahoo announced on Thursday that certain user account information was stolen from the company’s network in late 2014 “by what we believe is a state-sponsored actor.”
“Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.”
That’s more accounts than were believed to have been accessed in eBay’s 2014 data breach when it made all of its 145 million active buyers change their passwords.
We sent an email to our Yahoo PR contact asking what merchants who use (or used) Yahoo Stores/Aabaco Stores should they know about the news coming out today regarding the security breach but did not receive a response by press time.
In May of this year, Reuters had said there were reports that hundreds of millions of hacked user names and passwords for email accounts such as Mail.ru, Google, Yahoo, and Microsoft were being traded in Russia’s criminal underworld. And last month, Ars Technica said Yahoo was investigating reports that there were 200 million hacked Yahoo accounts for sale on the dark Web.
Yahoo reminded users on Thursday not to be tricked by spoof “phishing” emails: “Please note that the email from Yahoo about this issue does not ask you to click on any links or contain attachments and does not request your personal information.” More information can be found on Yahoo’s announcement on Tumblr.com.
Update: The Yahoo spokesperson referred us to the Yahoo blog post as well as a FAQs page for more information – neither address whether Yahoo Stores merchant accounts were impacted.