Yahoo has reportedly confirmed on December 16, 2016, that over a billion user accounts were hacked back in August 2013. This incident is thought not to be related with the security issue disclosed on September 22, 2016, when the company announced that 500 million users were affected by a data breach in 2014.
Yahoo announced that the stolen information “may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers”.
Passwords in clear text, payment card data or bank account information were not stolen, given the fact that this information is stored on other servers than those attacked.
The company was alerted to the massive breach by law enforcement, while The New York Times reports that a billion-user database was sold on the Dark Web last August for $300,000. At the moment of disclosure Yahoo hasn’t been able to determine how the data was stolen.
Affected users will be notified about the breach and will be required to change their passwords. They are also required to change their security questions and answers, not to provide personal information to anyone and avoid clicking on links or downloading attachments from suspicious emails.
Get more articles by email.
Sign up for our newsletter to receive updates directly into your inbox. (No spam!)
How we use email address