Yahoo Suffers World’s Biggest Hack, 1 Billion Users Affected
by Sidharth Shekhar, December 15, 2016
More than one billion user accounts may have been affected by a hacking attack dating back to 2013, Yahoo has said.
This hack is different from the 2014 breach in which 500 million accounts were compromised.
Usernames, phone numbers, passwords and email addresses were stolen, but not bank and payment data.
Yahoo said in a statement that an unauthorized third party stole data associated with more than one billion user accounts in August 2013.
According to Yahoo’s chief information security officer Bob Lord, the company hasn’t been able to determine how the data from the one billion accounts was stolen. “We have not been able to identify the intrusion associated with this theft,” Lord wrote in a post announcing the hack.
“The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers,” Lord added.
When Yahoo disclosed the 2014 data breach in September, it said that information had been stolen by a state-sponsored actor; however, it did not reveal which country was responsible.
Yahoo has come under pressure to disclose why it took so long for that breach to be made public.
Yahoo says it is notifying the account holders affected by the breach and the affected users will be required to change their passwords.
The company reported that its proprietary code had been accessed by a hacker, who used the code to forge cookies to access accounts without a password. “The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies,” Lord said, adding that he believed the attack was launched by a state-sponsored actor.
Yahoo also faced scrutiny over its security practices in October, when Reuters reported that the company had secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials.