Still have a Yahoo account? You’ve probably been hacked—again.
Yahoo on Wednesday afternoon revealed that hackers made off with the user data of more than 1 billion accounts.
The breach occurred in August 2013, according to Yahoo, and is believed to be separate from an earlier intrusion, revealed in September and believed to have been carried out by a state actor, that exposed more than 500 million user accounts.
Yahoo says it has not yet been able to identify how the breach of 1 billion user accounts took place.
Yahoo says the data may include “names, email addresses, telephone numbers, dates of birth, hashed passwords … and, in some cases, encrypted or unencrypted security questions and answers.” The company says “passwords in clear text, payment card data, or bank account information” are not believed to be included in the stolen data.
Separately, Yahoo says it discovered efforts to use forged cookies—small bits of data stored in a user’s browser—which the company says are linked to activity carried out by “the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016.”
Yahoo’s chief information security officer Bob Lord wrote in a blog post that the company is taking steps to secure affected users.
We are notifying potentially affected users and have taken steps to secure their accounts, including requiring users to change their passwords. We have also invalidated unencrypted security questions and answers so that they cannot be used to access an account. With respect to the cookie forging activity, we invalidated the forged cookies and hardened our systems to secure them against similar attacks. We continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts.
Further, Yahoo suggests users “review all of their online accounts for suspicious activity and to change their passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account.”
In fact, it may be time to ditch that Yahoo account altogether.