Not Again! Yahoo! Says 1 Billion Users Affected in New Breach

yahoo-data-breachFormer Google competitor Yahoo! disclosed yesterday that it has discovered what is potentially history’s largest data breach, affecting more than one billion user accounts and dating back to August 2013.

The news comes just two months after Yahoo confirmed rumors of a massive security breach affecting at least 500 million Yahoo Mail users in September, though this breach is reportedly separate from the former, according to a statement from Yahoo CISO Bob Lord.

Yahoo was first notified of the massive breach by law enforcement, who provided the company with data files that a third party had claimed was Yahoo user data. Then, with the help of “forensic experts,” the search-co examined the data and determined that it had been obtained by an “unauthorized third party,” according to Lord.

As of yet, the company has not been able to figure out just how the data of its one billion-plus users were stolen, says lord. “We have not been able to identify the intrusion associated with this theft.”

Stolen user account information potentially included names, email addresses, phone numbers, dates of birth, MD5 hashed passwords, and even encrypted security questions and answers. Luckily, payment card data was not affected in the breach.

Yahoo says it is alerting compromised account holders of the breach and will require them to change their passwords.

Jeff Edwards
Follow Jeff

Jeff Edwards

Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large.He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
Jeff Edwards
Follow Jeff

Leave a Reply

Your email address will not be published. Required fields are marked *