Yahoo admits it’s been hacked again, and 1 billion accounts were exposed
That’s a billion with a b—and is separate from the breach “cleared” in September.
Just months after disclosing a breach that compromised the passwords for a half billion of its users, Yahoo now says a separate incident has jeopardized data from at least a billion… yes with a B… more user accounts. Apparently, hackers figured out a way to log into Yahoo accounts without even supplying the victim’s password.
On September 22, Yahoo warned that a security breach of its networks affected more than 500 million account holders. Today, the company said it uncovered a separate incident in which thieves stole data on more than a billion user accounts, and that the newly disclosed breach is separate from the incident disclosed in September.
The company's statement says that for “potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.”
In addition, the attackers worked out a way to forge cookies that Yahoo places on user computers when they log in. Authentication cookies are text files that contain information about the user’s session with Yahoo. Cookies can contain a great deal of information about the user, such as whether that the user has already authenticated to the company’s servers.
The attackers in this case apparently found a way to forge these authentication cookies, which would have granted them to access targeted accounts without needing to supply the account’s password. In addition, a forged cookie could have allowed the attackers to remain logged into the hacked accounts for weeks or indefinitely.
Sonic's Ghost says
Can I become a moderator for your Facebook community I really want to help because I'm a big fan of Facebook
Sonic's Ghost says
+Paul Spoerry is it alright with you if I became mod in your FB community I will help you in every way I promise
Runivis Roan says
It's a shame yahoo hasn't been able to admit they became irrelevant years ago.
Paul Spoerry says
+Sonic's Ghost – I have a couple of mods already and not really looking for more unless they already have experience doing it. Feel free to PM me if you have experience and can show examples.
+Runivis Roan Agreed. I just got off the phone with a family member who still uses them discussing that exact topic. At least this time they didn't wait YEARS before sharing the news they'd been breached?
Keith Simonian says
Every week or so when I use my Yahoo email account I get a message from Yahoo about putting their App my computer to allow a more secure login to my email. Yeah, I want me some of that more "secure" Yahoo technology.
Sonic's Ghost says
+Paul Spoerry Done I messaged you privately