Let's be honest. This past week has been tough for people who use Yahoo. On Thursday, news broke regarding the 500 million Yahoo accounts that were compromised in a 2014 data breach. And now, more information has been revealed about the origin of this breach, as well as how long it took before the breach was detected.
If you use any one of Yahoo's services, such as email, Tumblr or Flickr, here's what we know so far:
According to a statement released by the Yahoo Press Center, the information was stolen by a "state-sponsored actor." This is just another way of saying, "sponsored by the government."
To be clear, Yahoo isn't claiming that the U.S. government is behind the hack. In fact, officials are already noting similarities between the Yahoo incident and previous cyberattacks conducted by Russian state operatives.
When it comes to placing the blame, Yahoo's press statement calls attention to the larger picture of increasing threats in cybersecurity. "An increasingly connected world has come with increasingly sophisticated threats," the statement reads. "Industry, government and users are constantly in the crosshairs of adversaries. Through strategic proactive detection initiatives and active response to unauthorized access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and platforms secure."
2. What Yahoo knew, and when
Account holders were notified at the time of the attack, but there were few details about how the breach happened and just how many people were affected.
The full extent of the hack wasn't discovered until quite recently when a hacker who goes by the name "Peace" tried to sell over 200 million Yahoo credentials on the Dark Web. The asking price was just over $1,800 and Peace claimed that the list of credentials came from the 2014 Yahoo hack.
An investigation was launched regarding the claims made by Peace and the rest, as they say, is history. On Thursday, Yahoo confirmed that the hackers had gained access to the names, email addresses, birthdates, phone numbers and other login credentials of more than 500 million users.
According to this timeline, the extent of the breach wasn't fully discovered until 18 months after the incident.
3. What will happen to Verizon's planned takeover?
Before news of the hack's full scope broke out, Yahoo and Verizon were in the process of completing a merger. Has the recent news changed things?
A statement released by Verizon's press office indicates the company learned about the massive breach along with the rest of us.
"Within the last two days, we were notified of Yahoo's security incident. We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the overall impact."
Speculation has already sprung up regarding how this may impact the merger. Fortune Magazine has reported that Verizon could claim that this information is a "material breach of the contract," and could claim they even caused, "irreparable harm to Yahoo in terms of customer trust and usage."
Although it's unlikely that the merger will be killed altogether, this could have a serious impact on the purchase price that was negotiated previously. Just how much was Yahoo's price tag? Verizon was set to acquire the company for a whopping $4.8 billion.
Where do we go next?
If you use one of Yahoo's services, there are immediate steps you need to take to protect your account information. Click here for a step-by-step guide, and we'll walk you through the process.