It seems like we're changing our passwords more than we're breathing this year. LinkedIn, Dropbox, Twitter, Spotify and Myspace and now Yahoo have been hacked — and now the hackers seem to have set their sights on Yahoo.
According to Recode, Yahoo is expected to confirm that a hacker has obtained "several hundred million user accounts."
Motherboard reported in August that Yahoo was "aware" of a major data breach, in which the hacker — known as Peace — obtained 200 million Yahoo user accounts, including names, passwords, personal information and other emails, and was allegedly selling them on the dark web at a price tag of just over $1,800. The company has yet to officially confirm its validity.
A source told Recode that the data breach Yahoo is alleged to legitimize this week is "as bad as that" — referring to the 200 million user accounts hacked — "Worse, really."
Yahoo confirmed in a statement on Thursday that at least 500 million user accounts were stolen from its network in late 2014 by "what it believes is a state-sponsored actor." This information includes names, emails, phone numbers, birth dates, passwords, "and, in some cases, encrypted or unencrypted security questions and answers."
If you haven't changed your password since 2014, Yahoo suggests that you go ahead and change those now. It also notes in the blog post that it is working with law enforcement on the issue.
"An increasingly connected world has come with increasingly sophisticated threats," the blog post says. "Industry, government and users are constantly in the crosshairs of adversaries. Through strategic proactive detection initiatives and active response to unauthorized access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure."
If you had or currently have a Yahoo account with the same password as other services you use, change your passwords ASAP.
Sept. 21, 2016, 3:14 p.m.: This story has been updated.