Yahoo Says Hackers Stole Data on 500 Million Users in 2014
SAN FRANCISCO — Yahoo announced Thursday that the account information for at least 500 million users was stolen by hackers two years ago, in the biggest known intrusion of one company’s computer network.
In a statement, Yahoo said user information — including names, email addresses, telephone numbers, birth dates, passwords and, in some cases security questions — was compromised in 2014 by what it believed was a “state-sponsored actor.” It did not name the country involved.
The company said that it was working with law enforcement officials and that it was invalidating existing security questions and asking users to change their passwords. Yahoo also encouraged people to review other online accounts for suspicious activity, change passwords and security questions on those accounts, and watch out for suspicious emails.
Verizon Communications is moving forward with a $4.8 billion acquisition of Yahoo, which was announced in July. In a statement Thursday, a Verizon spokesman, Bob Varettoni, said the company learned of the breach of Yahoo’s systems only two days ago and had “limited information and understanding of the impact.”
根据今年7月宣布的消息，威瑞森电信(Verizon Communication)正在推进以48亿美元收购雅虎的交易。威瑞森的发言人鲍勃·瓦雷东尼(Bob Varettoni)在周四的声明中称，公司两天前才知道雅虎系统遭到入侵，“掌握的信息有限，对其影响的了解也有限”。
Yahoo said it learned of the data breach this summer after hackers posted to underground forums and online marketplaces what they claimed was stolen Yahoo data. A Yahoo team investigated the data and was unable to confirm that the stolen data had originated from a breach at Yahoo. But in investigating the security of its systems, the company discovered that there was another breach, by what it believes was a state-sponsored actor, that dated to 2014.
“The stolen Yahoo data is critical because it not only leads to a single system but to users’ connections to their banks, social media profiles, other financial services and users’ friends and family,” said Alex Holden, the founder of Hold Security, which has been tracking the flow of stolen Yahoo credentials on the underground web. “This is one of the biggest breaches of people’s privacy and very far-reaching.”
“失窃的雅虎数据很重要，因为它们不只通往单个系统，还牵涉到用户和银行、社交媒体配置文件、其他金融服务以及朋友和家人的联系，”Hold Security公司创始人亚历克斯·霍尔顿(Alex Holden)表示。该公司一直在地下网络中追踪失窃的雅虎用户帐号凭证的流向。“这是人们的隐私遭到的最大规模的侵犯之一，影响非常深远。”
Such state-sponsored attacks on U.S. technology companies, Yahoo said in a statement, are becoming routine. “Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry,” it said.