If you’re a member of the photo sharing service Flickr, you might want to change your password as soon as possible. Yahoo, which owns Flickr, has reportedly suffered a major hack.
Recode reports that Yahoo is preparing this week to confirm a massive data breach — a hack that may have exposed several hundred million user accounts. The “widespread” and “serious” intrusion is likely to lead to government investigations and legal action.
News of the hack first emerged back in August when an online hacker by the name of “Peace” boasted that he had obtained 200 million Yahoo accounts from 2012 for about $1,800. Data included usernames, passwords that could be decrypted, and personal info (e.g. birth dates and email addresses).
Although Yahoo said it was investigating at the time, it did not call for its users to change their passwords. This week it may.
Back in mid-2014, Yahoo switched Flickr over to a system based on Yahoo accounts (previously you could sign in with Facebook and Google accounts). Thus, the account credentials you use to log into Flickr may now be in the hands of hackers — change your password today to ensure that your Flickr and Yahoo accounts don’t get accessed without your knowledge.
This news comes at a bad time for both Yahoo and Verizon, which agreed back in July to acquire Yahoo’s core business for $4.8 billion. As both parties are working to close the deal, this massive hack adds new headaches to the equation.
Update: That didn’t take long. Yahoo just confirmed the data breach, saying that it believes over 500 million user accounts were stolen.
“We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” Yahoo writes. “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.”