Over One Billion Accounts Breached In Yahoo Hack

You may have seen news recently about another Yahoo hack, but if not here’s some news about it.

If you have a Yahoo account you may want to change your password right now as the company has confirmed that over one billion accounts were subject to data theft in an attack that took place in 2013. Yahoo has stated that such data may have included E-mail addresses, names, phone numbers, hashed passwords as well as encrypted or unencrypted security answers and questions.

Back in September 2016, Yahoo suffered another data breach that enabled hackers to get away with data from over 500 million accounts. Yahoo has been quick to ensure that the two attacks are separate.

Yahoo recently posted the following statements on their Tumblr page:

”As we previously disclosed in November, law enforcement provided us with data files that a third party claimed was Yahoo user data. We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.

For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected.”

”Based on the ongoing investigation, we believe an unauthorized third party accessed our proprietary code to learn how to forge cookies. The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies. We have connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016.”

This Yahoo hack is all that’s wrong with trusting our data to stay safe on the web

This Yahoo hack, as well as previous hacks, certainly does show that while we trust out data to the web, we should never think it’s safe even with top notch security barriers in place. The Yahoo hack is just one of many to come. The internet has a price to pay and that is our data.