Yahoo Owned Again By Hackers That Infiltrated And Stole Info From Over 1 Billion User Accounts

My phone just pinged. Did someone just like the Instagram photo of my dog? Is my Chipotle to-go order finally ready? Nope, I was one of the lucky one billion users whose Yahoo account was infiltrated by hackers, my personal information potentially compromised.

yahoo headquarters

This past November law enforcement provided Yahoo with files that a third party claimed was Yahoo user data. Yahoo then hired an outside forensics team, and established that the data did in fact belong to their users. According to Yahoo, “Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with a broader set of user accounts…” That "broader set" of accounts unfortunately amounts to a massive, over 1 billion affected users.

Yahoo Breach Email Notification

What information was stolen? The hackers gained access to names, email addresses, telephone numbers, dates of birth, hashed passwords, and even encrypted and unencrypted security questions and answers. Passwords in clear text, payment card data, or bank account information were supposedly not stored in the system that they believe was affected and therefore unlikely were stolen.

Yahoo Email Breach

Yahoo is requiring affected users to change their passwords and they have invalidated unencrypted security questions and answers. They also claim to “continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts”. Yahoo insists that users change their passwords and security answers, review their accounts for suspicious activity, and avoid clicking shady links. They also encourage users to try their Yahoo Account Key, “...a simple authentication tool that eliminates the need to use a password on Yahoo altogether.”

Yahoo breach email details

This is, not the first, not the second, but the THIRD TIME THIS YEAR that Yahoo has disclosed that they have been hacked. This past May, Russian hackers stole and traded on the black market information from more than 40 million Yahoo accounts. The information was mostly from American banking, manufacturing, and retail outfits. This past summer, a hacker known as “Peace” listed 200 million Yahoo accounts for 3 bitcoins or roughly $1,800 USD at the time. And of course, Yahoo was recently slapped with a class action suit for gross negligence in their data breaches - it just keeps getting worse for the company Verizon recently acquired, though VZ is still evaluating the mess and fallout. 

Yahoo does not know who is responsible for the most current hack. They have confirmed that it is unrelated to the security breach from the late summer. If you have a Yahoo account, please change your password right now and follow the instructions from Yahoo in any email notices you receive.