Yahoo was hacked again — and this time, it involves a lot more accounts.
1 billion Yahoo accounts hacked
The company announced it discovered a breach of more than 1 billion user accounts that occurred in August 2013. This breach is also believed to be separate from the hack Yahoo reported in September that involved 500 million accounts.
And according to Yahoo, the company hasn’t been able to determine what happened — meaning how the 1 billion accounts were stolen and who did it.
“We have not been able to identify the intrusion associated with this theft,’ said Yahoo’s chief information security officer Bob Lord in a statement.
“The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers,” Lord added.
Yahoo was made aware of the breach by law enforcement, and after analyzing the data with help from outside experts, the company says it does not believe that users’ payment information was exposed.
‘The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected.’
Yahoo says it is notifying users that were affected by the hack and they will be required to change their account passwords.
In the same statement, the company also announced that its proprietary code had been accessed by hackers — allowing ‘an intruder to access users’ accounts without a password.’
‘Based on the ongoing investigation, we believe an unauthorized third party accessed our proprietary code to learn how to forge cookies. The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies. We have connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016.’
How to protect yourself
Yahoo is encouraging all users to follow these safety recommendations:
- Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
- Review all of your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.
- Consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.
Here are more ways to protect yourself from hackers:
- Protect yourself from online credit card hackers
- 10 places to never use a debit card
- 13 ways you may be exposing yourself to fraud