Yahoo Provides New Security Update on the 2013 Data Breach
Yahoo issued a security update for its August 2013 data breach. New intelligence shows all Yahoo accountholders were affected by the hack, not just the 500 million accounts that were already discovered.
Verizon acquired Yahoo last year, and was made aware of the breach shortly before announcing the acquisition. After the deal was completed, Verizon was informed of the additional security impact and immediately made the news public. Chandra McMahon, Chief Information Security Officer at Verizon, said, “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”
According to the security update FAQs, the stolen information did not include credit card information, debit card information, bank account information, or any other payment data. However, it did include usernames, passwords, telephone numbers, birthdays, first and last names, and security question answers.
Yahoo required all users to change their passwords after the data breach was discovered. They also required new, encrypted answers for security questions to further protect the accounts.