IE 11 is not supported. For an optimal experience visit our site on another browser.

Yahoo Breach of 500M Accounts Among the Biggest of All-Time

The Yahoo breach, which is being blamed on a "state-sponsored actor" was way worse than anyone expected.
Yahoo CEO Marissa Mayer speaks during her keynote address at the annual Consumer Electronics Show (CES) in Las Vegas
Yahoo CEO Marissa Mayer speaks during her keynote address at the annual Consumer Electronics Show (CES) in Las Vegas, Nevada January 7, 2014. REUTERS/Robert Galbraith

The Yahoo breach of 500 million accounts, which is being blamed on a "state-sponsored actor," was way worse than anyone expected.

The internet company, which is in the process of being sold to Verizon, confirmed it had fallen victim to a hacker in late 2014 in what security experts are saying is believed to be the biggest breach of all time.

"This cycle [of credential spills] is typical, but the scale is pretty astounding," Shuman Ghosemajumder, chief technology officer of Shape Security, a Google Ventures-backed firm, told NBC News.

"Yahoo is such a general website so it represents a cross-section of the worldwide population that could be affected by this," he said. "This really takes the risk up to a new level."

In May, it was revealed that as many as 360 million Myspace usernames, emails and passwords for accounts created before June 11, 2013 may have been stolen by the same hacker who revealed the Yahoo breach last month to Vice's Motherboard. LinkedIn may have also fallen victim in a 2012 hack. Both companies said they required possibly impacted accounts to change their passwords.

Data security expert Timothy Carone, a professor at the University of Notre Dame's Mendoza College of Business, told NBC News these types of breaches can happen to any company.

"It is an arms race. Things like this are going to happen to the best in the business," he said. "I don't believe it is because Yahoo has been lax or has not taken this sort of thing seriously -- it could have every easily been someone else."

Bob Lord, Yahoo's chief information security officer, confirmed the breach in a statement on Thursday afternoon and said the company was "working closely with law enforcement on this matter."

The stolen account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, according to Lord, encrypted or unencrypted security questions and answers.