{
	"id": "4e55fcbd-a412-43cd-a6c2-4f1caa3d42df",
	"created_at": "2026-04-06T00:12:06.297644Z",
	"updated_at": "2026-04-10T03:23:52.398034Z",
	"deleted_at": null,
	"sha1_hash": "62f2d8e17c6b5949f6c56dd4aed07b5c7f47245f",
	"title": "Yahoo hit with a Massive 500 Million Account Data Breach",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1254827,
	"plain_text": "Yahoo hit with a Massive 500 Million Account Data Breach\r\nBy Lawrence Abrams\r\nPublished: 2016-09-22 · Archived: 2026-04-05 21:48:22 UTC\r\nIn what could be the largest data breach in history, Yahoo announced today that attackers infiltrated their servers in 2014 and\r\nwalked away with account information for at least 500 million users. This stolen information may include names, email\r\naddresses, telephone numbers, dates of birth, hashed passwords, with most being encrypted using bcrypt, and\r\npotentially encrypted or unencrypted security questions and answers. According to Yahoo, they feel that this attack was\r\nconducted by a state-sponsored attacker, rather than a small hacking group or lone hacker.\r\nIn a notice posted to Tumblr, Yahoo's CISO Bob Lord stated:\r\nWe have confirmed that a copy of certain user account information was stolen from the company’s network in late\r\n2014 by what we believe is a state-sponsored actor. The account information may have included names, email\r\naddresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some\r\ncases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen\r\ninformation did not include unprotected passwords, payment card data, or bank account information; payment\r\ncard data and bank account information are not stored in the system that the investigation has found to be\r\naffected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million\r\nuser accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in\r\nYahoo’s network. Yahoo is working closely with law enforcement on this matter.\r\nSo what does this mean to Yahoo users? It means that if you used the same password from Yahoo on other sites, you better\r\ngo to those sites and change the passwords now! With today's modern hardware, decrypting stolen encrypted passwords is\r\nnot the hard task it used to be. Criminals will buy this Yahoo data, decrypt the passwords, and try to use it to login to other\r\naccounts you may own. This could lead to identity theft, massive SPAM attacks, or banking theft.\r\nhttps://www.bleepingcomputer.com/news/business/yahoo-hit-with-a-massive-500-million-account-data-breach/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/business/yahoo-hit-with-a-massive-500-million-account-data-breach/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nWith that said, the first thing anyone should do who has a Yahoo account is to immediately change their passwords at the\r\nother sites they visit.\r\nSo how can you protect yourself from data leaks in the future?\r\nData leaks are becoming so common, I suggest that people use the following strategies to keep their online accounts secure:\r\n1. Never reuse the same password at another site. Yes, I know this is a pain in the arse, but so is getting your bank\r\naccount broken into. There is no excuse not to use password managers such as KeePass or online services like\r\nLastPass to store unique passwords for every site you visit.\r\n \r\n2. Never reuse the same password at another site. No, this wasn't repeated by mistake. Most people will ignore step 1,\r\nso I am repeating it.\r\n \r\n3. Enable two-step verification on any online accounts that support it. Two-step verifications makes your online\r\naccounts more secure as it requires user's to login with their normal password and with a special password sent to a\r\nuser's cell phone or selected email address. This sounds like a pain, but you quickly get used to it. It also makes your\r\naccount very secure.\r\n \r\n4. Use strong complex passwords. If you use a password manager as suggested in step 1, the programs can create\r\nunique and strong passwords and the password managers will automatically log you in with them.\r\nOut of all of these steps, though, using unique passwords at every site you have an account is the most important. That way\r\nif one site is hacked, you are still safe and secure on any other ones.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nhttps://www.bleepingcomputer.com/news/business/yahoo-hit-with-a-massive-500-million-account-data-breach/\r\nPage 3 of 4\n\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/business/yahoo-hit-with-a-massive-500-million-account-data-breach/\r\nhttps://www.bleepingcomputer.com/news/business/yahoo-hit-with-a-massive-500-million-account-data-breach/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/business/yahoo-hit-with-a-massive-500-million-account-data-breach/"
	],
	"report_names": [
		"yahoo-hit-with-a-massive-500-million-account-data-breach"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434326,
	"ts_updated_at": 1775791432,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/62f2d8e17c6b5949f6c56dd4aed07b5c7f47245f.pdf",
		"text": "https://archive.orkl.eu/62f2d8e17c6b5949f6c56dd4aed07b5c7f47245f.txt",
		"img": "https://archive.orkl.eu/62f2d8e17c6b5949f6c56dd4aed07b5c7f47245f.jpg"
	}
}