Yahoo Confirms Another 1 Billion+ Accounts Were Hacked

If you’re a Yahoo user with an account associated with the company’s services, you may want to change your passwords and security questions. The company confirmed today that over 1 billion accounts were compromised in a new security breach:

As Yahoo previously disclosed in November, law enforcement provided the company with data files that a third party claimed was Yahoo user data. The company analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, Yahoo believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. The company has not been able to identify the intrusion associated with this theft. Yahoo believes this incident is likely distinct from the incident the company disclosed on September 22, 2016.

For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected.

Holy crap. Now that’s a major SNAFU, part deux (last September Yahoo said over 500 million accounts were compromised in a separate attack).

If you’re still using Yahoo services like email, you need to change your passwords and the answers to your security questions (on Yahoo and on any other sites where you use the same answers). Better yet, ditch your Yahoo account altogether and use a different email service instead, like Gmail for instance, set up with two-step security. Oh, and make sure you’re using a password manager like 1Password.

  • KosmoBo

    I doubt that Google’s security is any better! I just updated the iOS on my iPhone and I got a “Review blocked sign-in attempt” notification email from GMail when the Mail app tried to get my mail. Horribly written email, stating that the app the attempt was made from was insecure and with phishing-looking links to secure my account. When I logged in to my GMail account from another device, GMail showed me that the device (i.e. my phone from my IP address) was unknown (I’m checking my email 20+ times a day from that phone!) and that the other device’s last login was back in August (I’m checking my email at least once a day from it).
    Also, two-factor authentication would not prevent dumping the whole database with account information and actual emails! The dump from Yahoo! wasn’t from compromised accounts with weak security, it was because Yahoo!’s security was weak/not working properly/phished employee, etc.
