Cybersecurity Alert: 500 Million Yahoo User Accounts Stolen in Massive Data Breach in 2014

September 22, 2016

Threat Summary

Yahoo confirmed today that at least 500 million of its user accounts were stolen as part of a data breach in 2014. Yahoo believes that a "state-sponsored" actor is responsible for the breach. Information stolen may include names, email addresses, telephone numbers, dates of birth, hashed passwords, and security questions and answers. For more information, see Yahoo's statement on the breach.

ACA Aponix Guidance

ACA Aponix recommends taking the following precautionary measures regardless of whether or not you have a Yahoo account:

  • Change your Yahoo account password immediately and adopt alternate means of account verification.
  • Change your password and security questions and answers for any other accounts that use the same information.
  • Review your accounts for suspicious activity.
  • Be cautious of inbound emails from Yahoo email addresses.
  • Be cautious when clicking links or downloading attachments in emails.

If you have any questions, please contact your ACA Aponix consultant or email us at