Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.


macrumors bot
Original poster
Apr 12, 2001

Yahoo today confirmed that "at least" 500 million Yahoo accounts were compromised in an attack in late 2014, leaking customer information like names, email addresses, telephone numbers, birthdates, hashed passwords, and both encrypted and unencrypted security questions and answers.

Yahoo does not believe unprotected passwords, payment card data, or bank account information was accessed, as that data is not stored in the system that was hacked. According to Yahoo, account information was stolen by a "state-sponsored actor" and the company is working with law enforcement on a full investigation.


Starting today, Yahoo will notify all affected users and is asking them to change their passwords immediately if passwords have not been changed since 2014. All compromised security questions and answers have also been invalidated. Yahoo has laid out a set of recommendations for all customers who might have had data stolen:
-Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
- Review your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.
- Additionally, please consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether.
Yahoo first said it was investigating a data breach earlier this summer after hackers started selling account access online. The full scope of the attack was not revealed until today and could potentially affect Yahoo's sale to Verizon.

Article Link: At Least 500 Million Yahoo Accounts Hacked in Late 2014


macrumors 65816
Sep 14, 2009
two years?? is this because they didn't know they were hacked much later?
Or did they know they were hacked in 2014, but didn't want to notify their users (bad press, etc).


macrumors 68000
Jan 29, 2003
Umm, because I've had my account since the early 90s and I don't trust Google..

Just FYI, the domain wasn't registered until 1995:
Creation Date: 18-jan-1995

(Earlier than, but not really very early.)

Agreed about Google et al. Any data 'in the cloud' - Google's, Apple's, Microsoft's etc - is vulnerable and the larger the target the more likely people will be trying to hack it.
  • Like
Reactions: monkeybagel


macrumors 68040
Sep 15, 2012
2014? What's the value of releasing this information today? Any damage that could have been done has probably long been done. I just hope that a large number of these 500 million accounts were dead and abandoned accounts belonging to users from the heyday of Yahoo in the late 1990's - 2005.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.