Digital Media Center
Bryant-Denny Stadium, Gate 61
920 Paul Bryant Drive
Tuscaloosa, AL 35487-0370
(800) 654-4262

© 2024 Alabama Public Radio
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

Yahoo Confirms Data From Millions Of Accounts Stolen In 2014

RENEE MONTAGNE, HOST:

One of Yahoo's more popular services is its free email. Now the tech giant has revealed at least half a billion user accounts have been hacked. It's one of the largest data breaches on record. Yahoo says the theft occurred two years ago but they only detected it this summer. Then they waited until now to warn customers. NPR's Aarti Shahani has more.

AARTI SHAHANI, BYLINE: No version of the story looks good for Yahoo. Either the company had an inkling about being hacked back in 2014 and just didn't say anything, or what the company claims is true - they just discovered the breach this summer, which means it took them two years to detect that half of their user accounts were stolen.

ANNE MCKENNA: That's very unusual and very troubling on many levels.

SHAHANI: That's Anne McKenna, a law professor at Pennsylvania State University. Most states in the U.S. have rules that require companies to inform their users when data has been stolen. And it has to happen in a reasonable period of time.

It took Yahoo an unreasonable period of time, cybersecurity experts say. And today, the company based in California has not shown compliance with its state laws. Anne McKenna.

MCKENNA: Yahoo has yet to provide to the public - here's how we think the breach occurred. Here's your exact information that was taken.

SHAHANI: The company issued only a generic letter to users yesterday, saying hackers got Yahoo emails, real names, phone numbers, dates of birth and passwords. Yahoo says hackers did not get credit card and bank account numbers. And the company did not offer credit monitoring, even though your stolen email and password might be used to access financial accounts, as many people recycle passwords.

MCKENNA: Yahoo's just telling everybody, hey, hey, if you haven't changed your password since 2014, just go ahead and change them.

SHAHANI: Yahoo did not inform Verizon, the company which had agreed to buy them over the summer for nearly $5 billion. Verizon issued a curt statement yesterday, saying it was just informed this week of the break-in, while after, they jointly announced their deal.

Yahoo says federal agents are investigating. And the hackers were state-sponsored, meaning a foreign government was behind this. But the company provided no further details in order, quote, "to prevent the actors from learning our detection methods." Aarti Shahani, NPR News, San Francisco. Transcript provided by NPR, Copyright NPR.

Aarti Shahani is a correspondent for NPR. Based in Silicon Valley, she covers the biggest companies on earth. She is also an author. Her first book, Here We Are: American Dreams, American Nightmares (out Oct. 1, 2019), is about the extreme ups and downs her family encountered as immigrants in the U.S. Before journalism, Shahani was a community organizer in her native New York City, helping prisoners and families facing deportation. Even if it looks like she keeps changing careers, she's always doing the same thing: telling stories that matter.
News from Alabama Public Radio is a public service in association with the University of Alabama. We depend on your help to keep our programming on the air and online. Please consider supporting the news you rely on with a donation today. Every contribution, no matter the size, propels our vital coverage. Thank you.