Yahoo Discloses Second Major Hack, More Than 1 Billion Accounts Compromised

[MacRumors]

Yahoo today announced that it believes more than one billion Yahoo user accounts were compromised in a hack by an unauthorized third party in August of 2013.

Information stolen from affected accounts includes names, email addresses, telephone numbers, birth dates, hashed passwords, and both encrypted and unencrypted security questions and answers. Clear text passwords, bank account information, and credit/debit card information were not believed to be accessed in the attack.

According to Yahoo, the hack was discovered after law enforcement officials provided the company with what appeared to be Yahoo user data from an unknown source. Yahoo says it has not been able to identify the specific intrusion, but it is "likely" distinct from a late 2014 hack that compromised more than 500 million Yahoo user accounts.

Earlier this year, Yahoo confirmed that "at least" 500 million user accounts were accessed in September of 2014, and this marks a second attack during the same general timeframe.

Yahoo is notifying users who may have been affected by the attack, and says it has "taken steps" to secure their accounts by implementing mandatory password changes. Unencrypted security questions and answers have also been invalidated.

Along with the 2013 hack compromising 1 billion user accounts, Yahoo has also announced that an ongoing outside investigation suggests an unauthorized third party accessed proprietary code to forge cookies, a technique that may have been used by the hackers responsible for the September 2014 attack. Those account holders are also being notified.

The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. Yahoo is notifying the affected account holders, and has invalidated the forged cookies. The company has connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016.

Yahoo suggests users "review all of their online accounts" to check for suspicious activity and change any passwords that might have been used for a Yahoo account and another online account. Yahoo also recommends implementing two-factor authentication and avoiding links from suspicious emails.

Article Link: Yahoo Discloses Second Major Hack, More Than 1 Billion Accounts Compromised

 

[Schwyz]

Yahoo has 1 billion+ accounts?
Wait, what company are we talking about again?

 

[farewelwilliams]

who still uses yahoo for anything anymore?

besides maybe flickr.

 

[Zmmyt]

This is nuts!

 

[keysofanxiety]

Wow, Yahoo really does suck.

 

[Zorn]

Hope Verizon has a solid out from their terrible deal after all this. It's time for Yahoo to fade into the past along with their once popular chat rooms.

 

[Mick-Mac]

another (really big) nail in their coffin...

 

[mitso]

bye bye Yahoo!

 

[ziggie216]

Being hacked is one thing, how they manage to sweep it under is another thing.

 

[avanpelt]

I wonder if Verizon has the ability to walk away from the merger without significant financial consequence at this point? This is akin to finding out that the person you're engaged to has been living a secret life as a prostitute for the past 10 years.

 

[japanime]

The hackers not only wanted to interfere with Yahoo Mail, they were trying to help Hotmail to win.

 

[44267547]

Yahoo is a hack. (No pun intended)

 

[macduke]

Best advice at this point is to shut down Yahoo and forget it ever existed.

 

[tigres]

2013, so current- again.
I am sure people are thankful to you Yahoo. /s

never used ya myself, guess I am lucky

 

[bingeciren]

who still uses yahoo for anything anymore?

besides maybe flickr.

I use it as a junk mail account. Whenever I have to give an email address for something, I give my Yahoo mail. I usually do not monitor it and send almost everything to trash every now and then.

That way if they give my email address to third parties, I don't care.

 

[c3pa]

1 BILLION

They hacked everyone with an account + their alter egos.

Need to change my pass ASAP.

 

[Noerdy]

Dang, imagine if this happened with google.

 

[JackieTreehorn]

who still uses yahoo for anything anymore?

besides maybe flickr.

Who still uses Flickr for anything anymore?

Besides maybe iPhone users

 

[Cartoonkid]

Yahoo has 1 billion+ accounts?
Wait, what company are we talking about again?

Doesn't mean they're all active.

 

[macduke]

I'm amazed that there are even 1 billion Yahoo accounts. I had one when I was a kid and I remember Yahoo deleted it many years ago. So for all the people saying these are inactive accounts, are they really?

 

[MACashin]

Yawho?

 

[ck2875]

Yahoo suggests users "review all of their online accounts" to check for suspicious activity and change any passwords that might have been used for a Yahoo account and another online account.​

...and once you complete that security review and archived any data you need, do yourself a favour and delete your Yahoo account.

https://edit.yahoo.com/config/delete_user

 

[cariacou]

Yahoo has been making poor decisions that remind me of Blackberry.

One of the reason Facebook google Apple are so successful is its users trust. You can neglect security, Yahoo.

 

[Amazing Iceman]

Who uses Yahoo! Mail anymore???

Quest Diagnostics reported yesterday that hackers got a hold of 34K medical records. I'd be more concern about it than Yahoo!

 

[Oblivious.Robot]

God damn it. I knew I should've switched long time ago.
As someone with at least 3 active yahoo accounts, am a complete idiot.

Can someone please recommend a better alternative?
Am opening Gmail accounts as we speak!