Former Google competitor Yahoo! disclosed yesterday that it has discovered what is potentially history’s largest data breach, affecting more than one billion user accounts and dating back to August 2013.
The news comes just two months after Yahoo confirmed rumors of a massive security breach affecting at least 500 million Yahoo Mail users in September, though this breach is reportedly separate from the former, according to a statement from Yahoo CISO Bob Lord.
Yahoo was first notified of the massive breach by law enforcement, who provided the company with data files that a third party had claimed was Yahoo user data. Then, with the help of “forensic experts,” the search-co examined the data and determined that it had been obtained by an “unauthorized third party,” according to Lord.
As of yet, the company has not been able to figure out just how the data of its one billion-plus users were stolen, says lord. “We have not been able to identify the intrusion associated with this theft.”
Stolen user account information potentially included names, email addresses, phone numbers, dates of birth, MD5 hashed passwords, and even encrypted security questions and answers. Luckily, payment card data was not affected in the breach.
Yahoo says it is alerting compromised account holders of the breach and will require them to change their passwords.
Latest posts by Jeff Edwards (see all)
- 17 Security Blogs You Should Be Reading in 2017 - September 14, 2017
- The Equifax Hack: What You Need to Know - September 12, 2017
- SentinelOne Introduces ‘Deep Visibility Module’ for IOC Search and Threat Hunting on the Endpoint - September 8, 2017