Yahoo feared huge hack at least TWO MONTHS ago but didn’t let customers know

BOSSES at internet giant Yahoo first feared they had been hacked at least TWO MONTHS ago but didn't let their 500m customers know until now, it's been reported.

The breach, which actually occurred in late 2014, was confirmed by the company yesterday when it revealed huge amounts of personal information had been stolen in a "state-sponsored attack".

2

Now it's reported Yahoo knew of the potential hack that affects 500m users in 'at least August', but only confirmed the huge breach on Thursday.

The hackers are believed to have grabbed names, email addresses, phone numbers, birthdays, encrypted passwords and the 'unencrypted' security questions and answers of its 500million users.

They are now said to be selling the stolen data on the 'dark web' for just 3 bitcoin - around £1,400.

The 'treasure trove of secrets' could be used to defraud or blackmail money from Yahoo users or even steal their identities.

The company said that certain account information was stolen from the company's network in late 2014 in what it believes was a 'state-sponsored actor.'

Russia has been linked to several recent US hacks. North Korea are also understood to have a large state-sponsored hacking unit.

Expert Alex Holden, the founder of Hold Security, said that the hack might allow criminals access to users' entire lives.

RELATED STORIES

HACK ATTACK

Yahoo hacked - signs your account has been stolen and what to do

HACK ATTACK

Yahoo confirms about 500 million users had personal information stolen in 'state-sponsored' hack

CYBER CRIMINALS

Cyber security expert warns millions of Gmail, Hotmail and Yahoo email accounts have been hacked

THE SPY IN YOUR POCKET

How more than 100,000 cameras on PCs and phones across UK are vulnerable to online hackers

"The stolen Yahoo data is critical because it not only leads to a single system but to users' connections to their banks, social media profiles, other financial services and users' friends and family," Holden told the New York Times.

"This is one of the biggest breaches of people's privacy and very far reaching."

Norway-based cybersecurity advisor Per Thorsheim warned that the hack 'will cause ripples online for years to come.'

"The devil has tricked you into thinking your bank account is the most important piece of information on earth. It's not," he told.

"At least not in the case of security and privacy online. I'm more concerned about my Facebook account being hacked than my bank account, to be honest."

The expert said that while bank information and social security numbers hadn't been released, the Yahoo hack had still obtained a 'treasure trove of secrets.'

2

: "A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor.

"The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers."

Yahoo said it was notifying potentially affected users and encouraged users to review their online accounts for any suspicious activity.

Verizon, which bought Yahoo for USD$4.83 billion in July 2016, said it had been notified of the massive breach.

We pay for your stories! Do you have a story for The Sun Online news team? Email us at [email protected] or call 0207 782 4368.