Security Tech News

Yahoo Reveals Yet Another Giant Security Breach

Dave Parrack 15-12-2016

Another day, another Yahoo hack. This one dating back all the way to 2013. This particular security breach resulted in the user data of 1 billion Yahoo accounts being stolen. Even if you don’t want to read on any further, do yourself a favor and change your password. Now.


In August 2013, what Yahoo is calling an “unauthorized third party” stole the data associated with 1 billion Yahoo accounts. This included “names, email addresses, telephone numbers, dates of birth, hashed passwords […] and, in some cases, encrypted or unencrypted security questions and answers”.

Thankfully, the stolen data did not include “passwords stored in clear text, payment card data, or bank account information”. However, the passwords stolen were only hashed using MD5 What All This MD5 Hash Stuff Actually Means [Technology Explained] Here's a full run-down of MD5, hashing and a small overview of computers and cryptography. Read More , which was already easily crackable by the time this intrusion occurred.

What Yahoo and You Can Do Now

Yahoo has taken steps to secure the accounts affected and is notifying users. Unencrypted security questions and answers have been invalidated to prevent the hackers accessing affected accounts using this method.

All you can really do now is change your password to something more memorable 6 Tips For Creating An Unbreakable Password That You Can Remember If your passwords are not unique and unbreakable, you might as well open the front door and invite the robbers in for lunch. Read More on Yahoo and on any other sites where you use the same (or very similar) login credentials. The same applies to security questions and answers you have used on Yahoo and then replicated elsewhere.

Hackers Forged Cookies to Access Accounts

As well as admitting 1 billion users have had their user data stolen, Yahoo has also disclosed that an unauthorized third party “accessed our proprietary code to learn how to forge cookies”. This allowed hackers to access Yahoo accounts without even needing a password.


The “outside forensic experts” Yahoo had investigating this have now identified the accounts affected, and any forged cookies have been invalidated. Interestingly, Yahoo claims the culprit is “the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016”. That was this security breach Yahoo! We Lost Your Data! Two Years Ago... Web giant Yahoo has suffered an enormous data breach. The breach, which took place in 2014, resulted in the information of 500 million Yahoo users being offered for sale on the dark web. Read More , for those who have lost track.

Yahoo appears to have a serious problem with security, and that problem has obviously existed for several years. No wonder Verizon is reported to be considering its options with regards to its impending acquisition of Yahoo. Maybe a company with so many leaks isn’t worth $4.8 billion.

Do you still have a Yahoo account? How do you feel knowing your user data may have been hijacked three years ago without you knowing? Are you getting sick of having to constantly change your Yahoo password? Please let us know in the comments below!

Related topics: Hacking, Online Security, Security Breach, Yahoo.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. imelda
    March 24, 2018 at 5:30 pm

    Two months ago up to now all my social media accounts are hacked. Google account, my wordpress website, facebook and more. I tried to open or create new email from yahoo but still hackers got access. all my online business and personal data were compromised. I tried to report the issue to those platform and website but nothing happened because hackers are also the one responding to my email. It's been two months now that I can't do business. I already tried to have my devies repair by a computer technician but still keep on coming back.I hope someone will help me fix the issue.

  2. Zhong
    December 15, 2016 at 11:54 pm

    I don't think switching to another email account and deleting your yahoo mail will be easy as you've had contacts and created accounts to be modified.

  3. Dave B
    December 15, 2016 at 4:35 pm

    Can someone recommend a good Alternative to Yahoo and how to move when iv had the same address for 14 yeaes

  4. Paul Hays
    December 15, 2016 at 3:12 pm

    Yahoo is essentially a crap-magnet. What a ridiculous "community." Please, everybody, lose your Yahoo fixation and move ahead.