Former Google competitor Yahoo! disclosed yesterday that it has discovered what is potentially history’s largest data breach, affecting more than one billion user accounts and dating back to August 2013.
The news comes just two months after Yahoo confirmed rumors of a massive security breach affecting at least 500 million Yahoo Mail users in September, though this breach is reportedly separate from the former, according to a statement from Yahoo CISO Bob Lord.
Yahoo was first notified of the massive breach by law enforcement, who provided the company with data files that a third party had claimed was Yahoo user data. Then, with the help of “forensic experts,” the search-co examined the data and determined that it had been obtained by an “unauthorized third party,” according to Lord.
As of yet, the company has not been able to figure out just how the data of its one billion-plus users were stolen, says lord. “We have not been able to identify the intrusion associated with this theft.”
Stolen user account information potentially included names, email addresses, phone numbers, dates of birth, MD5 hashed passwords, and even encrypted security questions and answers. Luckily, payment card data was not affected in the breach.
Yahoo says it is alerting compromised account holders of the breach and will require them to change their passwords.
Latest posts by Jeff Edwards (see all)
- 16 Security Podcasts to Listen to in 2017 - January 20, 2017
- Here’s What the Average Data Breach Cost in 2016 - January 20, 2017
- Bitdefender Acquires French Distributor Profil Technology - January 17, 2017