2014 attack on Yahoo compromises at least 500-million users

September 27, 2016 Logan Bibby

Last week, Yahoo announced an attack on its network which occurred in late-2014. The attack compromised at least 500-million accounts, but sensitive information is said not to have been included. If you are included in this breach, Yahoo may have already notified you. However, whether or not you were affected, I highly recommend resetting your password now.

This is particularly important for AT&T customers because Yahoo is the current provider of AT&T e-mail.

Data Affected

Yahoo says no sensitive information was breached. The following information may have been included: “names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.”


First and foremost, change your password. Because it’s possible security questions and answers were included, change all security questions and answers. If you use the Yahoo account (AT&T, too) with those security questions/answers on a different site, change the security questions and answers on that site, too.

Additional Information

You can find more information about the breach on Yahoo’s release and in their Account Security Issue FAQs.