Pinterest Stumbleupon Whatsapp
Advertisement

Another day, another Yahoo hack. This one dating back all the way to 2013. This particular security breach resulted in the user data of 1 billion Yahoo accounts being stolen. Even if you don’t want to read on any further, do yourself a favor and change your password. Now.

In August 2013, what Yahoo is calling an “unauthorized third party” stole the data associated with 1 billion Yahoo accounts. This included “names, email addresses, telephone numbers, dates of birth, hashed passwords […] and, in some cases, encrypted or unencrypted security questions and answers”.

Thankfully, the stolen data did not include “passwords stored in clear text, payment card data, or bank account information”. However, the passwords stolen were only hashed using MD5 What All This MD5 Hash Stuff Actually Means [Technology Explained] What All This MD5 Hash Stuff Actually Means [Technology Explained] Here's a full run-down of MD5, hashing and a small overview of computers and cryptography. Read More , which was already easily crackable by the time this intrusion occurred.

What Yahoo and You Can Do Now

Yahoo has taken steps to secure the accounts affected and is notifying users. Unencrypted security questions and answers have been invalidated to prevent the hackers accessing affected accounts using this method.

All you can really do now is change your password to something more memorable 6 Tips For Creating An Unbreakable Password That You Can Remember 6 Tips For Creating An Unbreakable Password That You Can Remember If your passwords are not unique and unbreakable, you might as well open the front door and invite the robbers in for lunch. Read More on Yahoo and on any other sites where you use the same (or very similar) login credentials. The same applies to security questions and answers you have used on Yahoo and then replicated elsewhere.

Hackers Forged Cookies to Access Accounts

As well as admitting 1 billion users have had their user data stolen, Yahoo has also disclosed that an unauthorized third party “accessed our proprietary code to learn how to forge cookies”. This allowed hackers to access Yahoo accounts without even needing a password.

The “outside forensic experts” Yahoo had investigating this have now identified the accounts affected, and any forged cookies have been invalidated. Interestingly, Yahoo claims the culprit is “the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016”. That was this security breach Yahoo! We Lost Your Data! Two Years Ago... Yahoo! We Lost Your Data! Two Years Ago... Web giant Yahoo has suffered an enormous data breach. The breach, which took place in 2014, resulted in the information of 500 million Yahoo users being offered for sale on the dark web. Read More , for those who have lost track.

Yahoo appears to have a serious problem with security, and that problem has obviously existed for several years. No wonder Verizon is reported to be considering its options with regards to its impending acquisition of Yahoo. Maybe a company with so many leaks isn’t worth $4.8 billion.

Do you still have a Yahoo account? How do you feel knowing your user data may have been hijacked three years ago without you knowing? Are you getting sick of having to constantly change your Yahoo password? Please let us know in the comments below!

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Zhong
    December 15, 2016 at 11:54 pm

    I don't think switching to another email account and deleting your yahoo mail will be easy as you've had contacts and created accounts to be modified.

  2. Dave B
    December 15, 2016 at 4:35 pm

    Can someone recommend a good Alternative to Yahoo and how to move when iv had the same address for 14 yeaes

  3. Paul Hays
    December 15, 2016 at 3:12 pm

    Yahoo is essentially a crap-magnet. What a ridiculous "community." Please, everybody, lose your Yahoo fixation and move ahead.