Yahoo has revealed that a security breach has likely caused a compromise on over 1 billion user accounts. According to an official blog post by Yahoo’s Chief Information Security Officer(CISO) Bob Lord,
...we believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.
This latest breach is different from the September disclosure of 500 million accounts that were hacked sometime in 2014.
Stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5).
Clear text passwords, payment information and banking information were indicated not stolen as the system that stores them was not affected.
In July, it was reported that broadband telecom company Verizon was in a bid to buy Yahoo for $4.83 billion, and all of sudden, there was a long and disturbing silence on the deal. There have been deliberations in different quarters that the recent security compromises are responsible for the lag in seeing the deal with Verizon through.
On the security breach, Yahoo said potentially affected users are being notified and have taken steps to secure their accounts, including requiring users to change old passwords.
To further protect their accounts, users are advised to;
- Regularly review account activity
- Change passwords of other accounts that have similar passwords with the Yahoo mail
- Beware of website and emails demanding personal information
- Avoid opening suspicious links and attachments
- Consider using the Yahoo Account Key for authentication.
