The leak includes “names, addresses e-mail, phone numbers, dates of birth, password hashes (the vast majority with B crypt) and, in some cases, security questions and answers encrypted or not.” According to Yahoo, more sensitive data such as bank account information or credit card numbers were not stored on the affected system. According to a statement sent by Yahoo to the SEC (Securities and Exchange Commission, the federal agency that oversees the securities market), the high-ranking officials were notified in 2014 about the attack, which had been sponsored by any state organization. Yahoo did not say what measures it had taken at the time, but we already know that the information remained hidden from the public for two years. Hold on that gets worse: after making further inquiries, Yahoo found evidence that a hacker, possibly even managed to get into the company’s servers, created cookies that allow you to access certain user accounts without a password. Therefore, we would not even have to use brute force to find the password hashes. All this pump comes at a bad time for Yahoo, which had received an agreement to be bought for $4.8 billion by Verizon, which was not aware of the huge leak during the negotiations. According to The New York Times, it is possible that the agreement can be renegotiated. Till to the date, 23 lawsuits against Yahoo have already been opened due to leakage.
