Yahoo has detected a three-year old security breach that enabled a hacker to compromise over one billion user accounts, breaking the company’s own humiliating record for the biggest security breach in history.
They disclosed it on Wednesday 2016 that it occurred in August 2013, more than a year before a separate hack that Yahoo announced nearly three months ago which took place in 2014. That breach affected at least 500 million users, which had been the most far-reaching hack until the latest revelation.
“Simply everyone that has a Yahoo account should be concerned,” Robert Siciliano, a US-based security analyst
Yahoo has more than a billion monthly active users, although some have multiple accounts and others have none at all. An unknown number of accounts were affected by both hacks.
In both attacks, the stolen information included names, email addresses, phone numbers, birthdates and security questions and answers.
The company says it believes bank-account information and payment-card data were not affected. But hackers also apparently stole passwords in both attacks. Technically, those passwords should be secure; Yahoo said they were scrambled twice – once by encryption and once by another technique called hashing.
It is unclear how many Yahoo users were affected by both attacks. The internet company has more than 1 billion active users, but it is not clear how many inactive accounts were hacked.
“What’s most troubling is that this occurred so long ago, in August 2013, and no one saw any indication of a breach occurring until law enforcement came forward,” said Jay Kaplan, the chief executive of Synack, a security company. “Yahoo has a long way to go to catch up to these threats.”
Yahoo is urging users to change their password and security questions!!!