Yahoo has announced that over a billion of its user accounts have been breached in one of the biggest hacks of all time, and this isn’t the same incident you heard during September this year when 500 million Yahoo account details were compromised.
On Wednesday, the company issued a statement which pointed out that in August 2013 a major breach of security via a third party took place.
Multitudes of user data including names, email addresses, telephone numbers, dates of birth, hashed passwords, encrypted or unencrypted security questions and answers were stolen from their servers.
“In November, law enforcement provided the company with data files that a third party claimed was Yahoo user data. The company analysed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data,” Yahoo stated.
The company believes, but isn’t sure, that passwords in clear text, payment card data and bank account information remain safe as the system which stores this information remains unaffected.
The company is in the process of notifying users that they know have been affected by this major data theft and has disabled the security question and answer feature on their service in the meantime to avoid them being used to accessing an account.
“An unauthorised third party, in August 2013, stole data associated with more than one billion user accounts. The company has not been able to identify the intrusion associated with this theft,” the company stated.
The company recommends that users review their online accounts (the ones associated with your Yahoo ID) for suspicious activity and to change the passwords, security question-answer if similar login information as your yahoo ID is being used for those accounts as well.
“The unauthorised party accessed the company’s proprietary code to learn how to forge cookies. The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used,” Yahoo adds.
Yahoo also recommends that users avoid clicking on suspicious emails, especially those asking for personal information, even if they seem to be sent from a legitimate source.
This is the second reported breach of Yahoo servers this year, the first one reported on September 22, 2016.
Yahoo has also connected some of this data theft activity to the same attacker responsible for the first breach of the year.
Yahoo Account Key is a simple authentication tool that will help you access your account without the need of a password. Yahoo will send you a notification on your mobile device and with the key enabled there will be no use of passwords to access your account, so no one other than you can sign in.
If you’ve any more questions related to the breach — head over to Yahoo’s help page here.
Another method is to delete your account altogether if you haven’t been using it, of course after you make a backup of all your emails and other data on the account using this simple walkthrough by the company.