Another 1 Billion Yahoo User Accounts Have Been Hacked, Verizon Acquisition Expected to Falter
Toggle Dark Mode
Over 1 billion Yahoo accounts were breached in an August 2013 hack, the company announced Wednesday.
Yahoo officials believe that an “unauthorized third party” stole private data associated with over one billion accounts. Names, telephone numbers, email addresses, passwords, dates of birth, and security questions may have been among the information stolen in the breach, according to a statement by Bob Lord, Yahoo’s chief information security officer. The breach isn’t believed to have included clear-text passwords, credit or debit card numbers, or bank account information, Lord added.
The hack is said to be a completely separate breach than the one involving 500 million accounts previously reported in September.
The Sunnyvale-based company was alerted to the hack by law enforcement officials, who provided Yahoo with stolen data believed to be associated with user accounts. Yahoo officials forensically analyzed the data, and found that found that hackers may have used the company’s proprietary code to forge cookies that allowed them to access accounts without a password. Although the tech giant was tipped off by authorities, it’s likely that the data was first discovered by security researchers monitoring black market data, ARS Technica reported.
The company hasn’t announced who it thinks is behind the latest hack, according to the New York Times. But, although believed to be distinct from the breach announced in September, Yahoo said both hacks may have used the same cookie forgery techniques. Notably, Yahoo believes that a “state-sponsored actor” was behind the breach reported in September.
This latest hack doesn’t bode well for Yahoo, who is still reeling from the fallout of the last reported breach. The company is in the midst of an acquisition by Verizon. In October, Verizon asked for a $1 billion discount off of the proposed $4.8 billion deal in light of September’s data breach announcement and allegations of spying, CNET reported. We don’t know how yesterday’s announcement will affect the acquisition — but some predict that Verizon will either exit the deal, or ask for an even bigger discount.
Yahoo said that it has invalidated the fraudulent cookies, and is notifying potentially affected users about the breach. But the already-stolen data could allow hackers to enter your non-Yahoo accounts — especially if the passwords and security questions are the same.
If you are or were a Yahoo user, it might be a smart time to change the passwords and security questions on all of your accounts.
