Previewed at WWDC, launching in the fall.
Yahoo Discloses Second Major Hack, More Than 1 Billion Accounts Compromised
Yahoo today announced that it believes more than one billion Yahoo user accounts were compromised in a hack by an unauthorized third party in August of 2013.
Information stolen from affected accounts includes names, email addresses, telephone numbers, birth dates, hashed passwords, and both encrypted and unencrypted security questions and answers. Clear text passwords, bank account information, and credit/debit card information were not believed to be accessed in the attack.
According to Yahoo, the hack was discovered after law enforcement officials provided the company with what appeared to be Yahoo user data from an unknown source. Yahoo says it has not been able to identify the specific intrusion, but it is "likely" distinct from a late 2014 hack that compromised more than 500 million Yahoo user accounts.
Earlier this year, Yahoo confirmed that "at least" 500 million user accounts were accessed in September of 2014, and this marks a second attack during the same general timeframe.
Yahoo is notifying users who may have been affected by the attack, and says it has "taken steps" to secure their accounts by implementing mandatory password changes. Unencrypted security questions and answers have also been invalidated.
Along with the 2013 hack compromising 1 billion user accounts, Yahoo has also announced that an ongoing outside investigation suggests an unauthorized third party accessed proprietary code to forge cookies, a technique that may have been used by the hackers responsible for the September 2014 attack. Those account holders are also being notified.
Information stolen from affected accounts includes names, email addresses, telephone numbers, birth dates, hashed passwords, and both encrypted and unencrypted security questions and answers. Clear text passwords, bank account information, and credit/debit card information were not believed to be accessed in the attack.
According to Yahoo, the hack was discovered after law enforcement officials provided the company with what appeared to be Yahoo user data from an unknown source. Yahoo says it has not been able to identify the specific intrusion, but it is "likely" distinct from a late 2014 hack that compromised more than 500 million Yahoo user accounts.
Earlier this year, Yahoo confirmed that "at least" 500 million user accounts were accessed in September of 2014, and this marks a second attack during the same general timeframe.
Yahoo is notifying users who may have been affected by the attack, and says it has "taken steps" to secure their accounts by implementing mandatory password changes. Unencrypted security questions and answers have also been invalidated.
Along with the 2013 hack compromising 1 billion user accounts, Yahoo has also announced that an ongoing outside investigation suggests an unauthorized third party accessed proprietary code to forge cookies, a technique that may have been used by the hackers responsible for the September 2014 attack. Those account holders are also being notified.
The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. Yahoo is notifying the affected account holders, and has invalidated the forged cookies. The company has connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016.Yahoo suggests users "review all of their online accounts" to check for suspicious activity and change any passwords that might have been used for a Yahoo account and another online account. Yahoo also recommends implementing two-factor authentication and avoiding links from suspicious emails.
Tag: Yahoo
[ 165 comments ]
Top Rated Comments
(View all)
20 months ago
I wonder if Verizon has the ability to walk away from the merger without significant financial consequence at this point? This is akin to finding out that the person you're engaged to has been living a secret life as a prostitute for the past 10 years.
20 months ago
Being hacked is one thing, how they manage to sweep it under is another thing.
20 months ago
Glory days!
I remember the battles trying to get my sites listed in yahoo. It was where you needed to be. The amount of traffic you'd start getting once listed in the yahoo index proper was such a thrill.
You could also get some attention via very modern methods:
20 months ago
Oh boy, I miss the days. (Altavista was and still is my favorite)
I am getting old.
I am getting old.
[ Read All Comments ]
AT&T has launched a new Father's Day deal for the next few days, offering new and existing customers who purchase an iPhone X as an upgrade or a new line a second iPhone X at no additional...
For this week's giveaway, we've teamed up with Choetech to offer MacRumors readers a chance to win a Qi-enabled 7.5W Wireless Charging Pad for the iPhone X, iPhone 8, and iPhone 8 Plus.
...
Danalock today announced that the HomeKit version of its Danalock V3 smart lock is now available for purchase from Apple's website and retail stores in more than 20 other countries across Europe,...
AT&T this afternoon announced that it has completed its acquisition of Time Warner, just two days after a U.S. District Court Judge ruled that the merger could move forward.
"The content...
Just in time for the FIFA World Cup, which began today, live sports are now available in Apple's TV app on iPhone, iPad, and Apple TV in Canada.
At launch, Sportsnet, TSN, RDS, CBC, and...
iOS 12 introduces USB restrictions that effectively put an end to law enforcement access to iPhones and iPads using devices like the GrayKey box, but Grayshift, the company that makes the box, may...
Apple today shared a new promotion that will allow Apple Pay users to get two free bike rides through the ofo app from now until June 20.
Ofo is a smart bike sharing service that's designed...
Apple today introduced updates for its iWork apps, adding new features to Pages, Numbers, and Keynote for both iOS devices and Macs.
Today's update introduces support for recording, editing,...
