It doesn’t look good when half a billion of your company’s email accounts are hacked.
And it looks a bit worse when a cool billion of them in total were hacked.
Yahoo on Wednesday announced that it believes more than one billion Yahoo user accounts were compromised in a hack by an unauthorized third party in August of 2013.
The company disclosed that information stolen from affected accounts includes names, email addresses, telephone numbers, birth dates, hashed passwords, and both encrypted and unencrypted security questions and answers. Clear text passwords, bank account information, and credit/debit card information were not believed to be accessed in the attack.
Yahoo stated that the hack was discovered by law enforcement officials provided the company with what appears to be Yahoo users data from an unknown source. The company says it has been unable to identify the specific intrusion, though this hack is “likely” distinct from a late 2014 hack that compromised more than 500 million Yahoo user accounts and their relevant information.
Yahoo is notifying users who may have been affected by the attack, and says it has “taken steps” to secure their accounts by implementing mandatory password changes. Unencrypted security questions and answers have also been invalidated.
In addition to the hacks, Yahoo has also announced that an ongoing outside investigation suggests that an unauthorized third party attempted to forge cookies that may have been responsible for the September 2014 hack. The forged cookies may have gathered information and sent them along to outside parties. The company has connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016.
Yahoo suggests users “review all of their online accounts” to check for suspicious activity and change any passwords that might have been used for a Yahoo account and another online account. Yahoo also recommends implementing two-factor authentication and avoiding links from suspicious emails.
Stay tuned for additional details as they become available.
Via MacRumors