If you’re a Yahoo user with an account associated with the company’s services, you may want to change your passwords and security questions. The company confirmed today over 1 billion accounts were compromised in a new security breach:
As Yahoo previously disclosed in November, law enforcement provided the company with data files that a third party claimed was Yahoo user data. The company analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, Yahoo believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. The company has not been able to identify the intrusion associated with this theft. Yahoo believes this incident is likely distinct from the incident the company disclosed on September 22, 2016.
For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected.
Holy crap. Now that’s a major SNAFU, part deux (last September Yahoo said over 500 million accounts were compromised in a separate attack).
If you’re still using Yahoo services like email, you need to change your passwords and answers to your security questions (and other sites using these same answers). Better yet, ditch your Yahoo account altogether and use a different email service instead, like Gmail for instance, setup with two-step security. Oh, and make sure you’re using a password manager like 1Password.