Yahoo breach (2016)
Date of report
  • December 2016
  • Same state sponsor as the 2014 breach
A threat actor exploited a vulnerability in Yahoo's account log-in process, allowing it to access user accounts without a password. Approximately thirty-two million accounts were affected.
Suspected victims
  • Yahoo
Suspected state sponsor
  • Russian Federation
Type of incident
  • Espionage
Target category
  • Private sector
Victim government reaction
  • Yes
Policy response
Suspected state sponsor response