Yahoo admits one BILLION more accounts hacked

December 14, 2016 by Paul Spoerry 6 Comments

Yahoo admits it’s been hacked again, and 1 billion accounts were exposed
That’s a billion with a b—and is separate from the breach “cleared” in September.

Just months after disclosing a breach that compromised the passwords for a half billion of its users, Yahoo now says a separate incident has jeopardized data from at least a billion… yes with a B… more user accounts. Apparently, hackers figured out a way to log into Yahoo accounts without even supplying the victim’s password.

On September 22, Yahoo warned that a security breach of its networks affected more than 500 million account holders. Today, the company said it uncovered a separate incident in which thieves stole data on more than a billion user accounts, and that the newly disclosed breach is separate from the incident disclosed in September.

The company's statement says that for “potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.”

In addition, the attackers worked out a way to forge cookies that Yahoo places on user computers when they log in. Authentication cookies are text files that contain information about the user’s session with Yahoo. Cookies can contain a great deal of information about the user, such as whether that the user has already authenticated to the company’s servers.

The attackers in this case apparently found a way to forge these authentication cookies, which would have granted them to access targeted accounts without needing to supply the account’s password. In addition, a forged cookie could have allowed the attackers to remain logged into the hacked accounts for weeks or indefinitely.

Check this out on Google+

About Paul Spoerry

I’m a groovy cat who’s into technology, Eastern Thought, and house music. I’m a proud and dedicated father to the coolest little guy on the planet (seriously, I'm NOT biased). I’m fascinated by ninjas, the Internet, and anybody who can balance objects on their nose for long periods of time.

I have a utility belt full of programming languages and a database of all my knowledge on databases... I practice code fu. Oh, I've also done actual Kung Fu, and have a black belt in Tae Kwon Do.

I run. I meditate. I dance. I blog at PaulSpoerry.com, tweet @PaulSpoerry, and I'm here on Google+.

I'm currently work for IBM developing web enabled insurance applications for IBM and support and develop a non-profit called The LittleBigFund.

Loading Facebook Comments ...

Comments

Sonic's Ghost says

December 14, 2016 at 6:48 pm

Can I become a moderator for your Facebook community I really want to help because I'm a big fan of Facebook
Sonic's Ghost says

December 14, 2016 at 6:52 pm

+Paul Spoerry is it alright with you if I became mod in your FB community I will help you in every way I promise
Runivis Roan says

December 14, 2016 at 7:11 pm

It's a shame yahoo hasn't been able to admit they became irrelevant years ago.
Paul Spoerry says

December 14, 2016 at 7:19 pm

+Sonic's Ghost – I have a couple of mods already and not really looking for more unless they already have experience doing it. Feel free to PM me if you have experience and can show examples.

+Runivis Roan Agreed. I just got off the phone with a family member who still uses them discussing that exact topic. At least this time they didn't wait YEARS before sharing the news they'd been breached?
Keith Simonian says

December 14, 2016 at 7:46 pm

Every week or so when I use my Yahoo email account I get a message from Yahoo about putting their App my computer to allow a more secure login to my email. Yeah, I want me some of that more "secure" Yahoo technology.
Sonic's Ghost says

December 15, 2016 at 4:31 pm

+Paul Spoerry Done I messaged you privately

About Paul Spoerry

Have a comment?

Comments

Leave a Reply Cancel reply