New Yahoo Hack Affects One Billion Accounts

“State-Sponsored Actor”


If you’re a Yahoo email user, you should change your password as soon as possible and start considering another email provider. After admitting last September that over 200,000,000 Yahoo accounts were compromised, the company confessed one month later, in October, that there were actually 500,000,000 (that’s half a billion) email accounts hacked by a malicious third party.

Yahoo released a statement today, confirming a massive data breach from August of 2013 in which private data associated with over one billion email accounts was stolen. This new incident is separate from the previously disclosed hacking, which brings the total number of compromised Yahoo accounts to a staggering one and a half billion.

The company claims a state-sponsored actor was behind both instances of data theft from its servers. Yahoo’s stock price is dropping, and Verizon, the company which struck a deal to buy Yahoo’s business, said that it will be looking into the matter to review the impact of the new data breach.

Today’s security issue, which is twice as big as the hack from September/October, is the largest theft of private user data ever disclosed. Yahoo said that it’s working closely with law enforcement agencies and that it has taken measures to secure its customers’ accounts.

Although Yahoo has failed to identify the culprit behind the latest intrusion, which culminated in a huge data theft, the company believes that these are two separate incidents. In both cases, the stolen data included email addresses, names, dates of birth, phone numbers and encrypted passwords.

Yahoo urged its customers to review all of their email accounts and to preemptively change their passwords and/or security questions/answers for any other related accounts. Yahoo users were advised to avoid downloading attachments/clicking links from suspicious emails and to never offer personal information to anyone pretending to be from Yahoo via email.

According to numerous security experts, hackers managed to forge Yahoo’s email cookies, thus gaining access to email accounts without requiring a password. The company believes that an unauthorized third party managed to access Yahoo’s proprietary code and learned how to forge the respective cookies.

Yahoo shares dropped 2.4% after the news broke, to $39.92.

Source: WSJ