UPDATE: Yahoo has now confirmed that at least 500 million users were affected in the breach, which took place in 2014.
——original story below—–
Remember how, earlier this summer, a hacker claimed to be selling credentials for at least 200 million Yahoo accounts? Well, unfortunately for hundreds of millions of Yahoo users, and the company itself, the hack appears to be legitimate — and bad.
Tech site Recode reports this morning that Yahoo is expected to confirm the massive data breach this week.
Sources “close to the situation” did not confirm to Recode the exact extent of the breach, other than to say it is indeed hundreds of millions of user accounts.
Those sources noted to Recode that the breach is indeed widespread and serious, and likely to result in government investigations and legal actions.
About the 200 million estimate, one source told Recode, “It’s as bad as that. Worse, really,” which is not good news for anyone, but is especially bad for Verizon, which is in the midst of acquiring Yahoo in a $4.8 billion transaction.
As Recode points out, the sheer scale of the breach is staggering, and the legal liabilities that could result from it are equally huge. In short, shareholders may well freak out.
Yahoo did not return Recode’s request for comment, perhaps unsurprisingly.
Yahoo is expected to confirm massive data breach, impacting hundreds of millions of users [Recode]

Editor's Note: This article originally appeared on Consumerist.