Yahoo believes a state-sponsored actor is the likely culprit to blame.
The potential damage is quite severe, and Yahoo estimated the perpetrators got away with usernames, hashed passwords, telephone numbers, birth dates, as well as security questions in some cases (some were encrypted and some were not).
Yahoo advises their users to change their passwords immediately. In addition to that, they should monitor their accounts for any suspicious activities.
The good news is that Yahoo does not believe the perpetrators stole the truly sensitive kind of information like bank account numbers and credit card information.
The company is cooperating with law enforcement to get to the bottom of this. An FBI spokesman said they take these kinds of breaches very seriously, and that they are determined to discover the identity of those who did this.
Things first got suspicious in August when a hacker known as “Peace” was found selling the account data of 200 million Yahoo users online. The same hacker previously made claims of having stolen account data from LinkedIn and MySpace. Yahoo launched its investigation around that time, and 2 months later, the data security breach was confirmed.
Senator Richard Blumenthal believes Yahoo betrayed the trust of their users. According to him, taking this much time to confirm the breach is not acceptable.