Another Huge Yahoo Breach Affected One Billion Accounts
Yesterday, Yahoo announced yet another massive data breach, one in which the hacker stole one billion Yahoo email accounts in August 2013.
The stolen data included names, email addresses, birth dates, telephone numbers and password hashes, which are a string of characters that help websites verify whether or not a password is correct. In some cases, the security questions were also stolen. If the hacker publishes these, it would be easier for cybercriminals to gain access to other user accounts that utilize the same security questions and answers.
In September, Yahoo announced the account information of 500 million users had been stolen. At that time, experts believed it was the largest known data breach in history, but that previous hack has been overshadowed by Yahoo’s most recent revelation. The company has said the latest data breach is different than the previously announced breach.
Yahoo discovered this latest massive breach when law enforcement officials shared stolen user data they had uncovered. The company believes the “state-sponsored actor” they are blaming for the 500 million-account breach was involved in this attack as well.
To steal the data, Yahoo said the attacker forged cookies, which are small packages of data that track users and inform browsers which accounts a user is signed into. The cybercriminals did this by accessing and dissecting Yahoo’s “proprietary code.” Yahoo said they have since invalidated those fake cookies, and are notifying affected users.
Yahoo reports having more than a billion users. Since users can create multiple accounts, it is unclear how many individual users have been affected by these two breaches.
This is the second massive breach Yahoo has revealed since reaching a deal with Verizon earlier this year.