Yahoo: Data From 1 Billion User Accounts Hacked

Do you have a Yahoo account? Better change your password. Again.

On Dec. 14, 2016, Yahoo Inc. admitted it uncovered another enormous cyber attack. Data from more than 1 billion users was hacked in August 2013 in what is the largest breach in history.

This announcement comes on the heels of Yahoo’s disclosure in September 2016 that 500 million user accounts had been breached back in 2014 by “state sponsored” actors.

With this most recent announcement, Yahoo required all customers to reset their passwords. After the previous breach, the company only recommended a password reset and didn’t require it.

According to Yahoo, stolen info may include names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.

Yahoo has admitted it didn’t even discover the breach until reviewing data provided to the company from law enforcement.

They also believe the hackers behind the previous breach also were able to access Yahoo’s proprietary code and learn how to forge “cookies,” essentially allowing hackers to get into an account even without a password. “We are notifying the affected account holders, and have invalidated the forged cookies,” according to Bill Lord, CSIO, in a statement regarding the breach, which was posted to Tumblr on Dec. 14.

Some of the world’s most respected security experts are saying that Yahoo has systematically failed to take security seriously.

Read more about the breach in this Wall Street Journal story.

Democratic Senator Mark Warner of Virginia is looking into Yahoo’s cyber security practices. Warner will be the top Democrat on the Senate Intelligence Committee next year. He described the hacks as “deeply troubling.”

“This most-recent revelation warrants a separate follow-up and I plan to press the company on why its cyber defenses have been so weak as to have compromised over a billion users,” he said in a statement to Reuters.

 

Are you covered for identity theft?

Get Covered

Image: Pixabay