Yahoo alleged in its statement that the act was "state-sponsored"[3] but did not name any country.

[2] It
is believed that the hack compromised personal data from the accounts including names, email
addresses, telephone numbers, dates of birth, hashed passwords (the majority with bcrypt) and, in
some cases, encrypted or unencrypted security questions and answers. [4][5] The statement also
claimed that the hacker was no longer in Yahoo's system and that the company was fully
cooperating with law enforcement.[3] Users were advised to be wary of unusual activity in their
accounts including suspicious emails.[1] Security experts cautioned that the incident could have farreaching consequences involving privacy potentially including finance and banking as well as
personal information about friends, family and more personal aspects of people's lives that could be
culled from emails.[1] Yahoo recommends its users to change their password and security questions
and answers for their Yahoo account as well any other accounts on which the same or similar
credentials were used, reviewing their accounts for suspicious activity, being cautious of any
unsolicited communications that ask for personal information and avoiding clicks on links or
download of attachments from suspicious emails.[5]
As of 23 September 2016, it is unknown how long the company had been aware of the breach.
[3]
Yahoo's confirmation of the data breach came almost two months after the company said it was
investigating claims that a hacker, who previously sold data taken from LinkedIn and Myspace,[6]
[7]
was offering stolen user account details from 200 million Yahoo accounts on the dark web
marketplace, "TheRealDeal".[8][9] A spokesperson for Verizon, which agreed to buy Yahoo! in July
2016, stated that Verizon had only become aware of the breach within the past two days. [2] Verizon
had offered $4.83 billion in July 2016 for Yahoo's core properties.[10]
Multiple experts that have looked into the issue believe that the security breach was the largest such
incident in thehistory of the Internet.[2][10]

Attribution of responsibility[edit]
U.S. intelligence officials who declined to give their names stated to the media highlighted similarities
between the attack and to previous hacks linked to Russian government agencies.[2]

Legal and commercial responses[edit]

The firm has faced two lawsuits as a result. One was filed in the U.S. District Court of San Diego,
stating that the hack caused an "intrusion into personal financial matters." The other was filed in the
U.S. District Court of San Jose, labeling the company "grossly negligent" in dealing with and
reporting the security breach. Yahoo has a policy of declining to comment on ongoing litigation and
chose not to make a public statement in response.[10]
The Federal Bureau of Investigation has c