Yahoo breach (2016) | CFR Interactives

Yahoo breach (2016)

Date of report

December 2016

Affiliations

Same state sponsor as the 2014 breach

A threat actor exploited a vulnerability in Yahoo's account log-in process, allowing it to access user accounts without a password. Approximately thirty-two million accounts were affected.

Suspected victims

Yahoo

Suspected state sponsor

Russian Federation

Type of incident

Espionage

Target category

Private sector

Victim government reaction

Policy response

Criminal charges

Suspected state sponsor response

Denial

Important Security Information for Yahoo Users
U.S. Charges Russian FSB Officers and Their Criminal Conspirators for Hacking Yahoo and Millions of Email Accounts
Haven't deleted your Yahoo account yet? Reminder: Hackers forged login cookies

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events