A hacker stole information from more than one billion Yahoo email accounts in August 2013, the company announced Wednesday.
The data included names, email addresses, telephone numbers, dates of birth, and password hashes, which are strings of characters that help a website check whether or not an entered password is correct. Some people may have also had answers to their security questions stolen, which, if published, could make it easier for hackers to gain access to other accounts that use the same security answers.
Earlier this year, Yahoo announced that information from 500 million user accounts was stolen. At the time, that looked like one of the largest single data breaches in existence—but it’s now been eclipsed in scale by the latest hack. The company says the data breach it announced Wednesday is separate from the one it notified users about in September.
Yahoo says it discovered the billion-user breach with the help of law enforcement, which shared with the company a trove of stolen user data that it had uncovered. The “same state-sponsored actor” behind the 500 million-user breach was likely involved in this cyberattack, too, according to Yahoo.
The attacker was able to “forge” cookies—small packages of data that track users and tell browsers which accounts a user is signed into, among other things—by accessing and dissecting Yahoo’s “proprietary code,” the company said. Yahoo invalidated the fake cookies, and is notifying the users whose accounts were breached.
At a conference in 2015, Yahoo CEO Marissa Mayer referred to “the more than 1 billion users that are on the Yahoo and Tumblr platforms.” A Yahoo spokesperson did not immediately respond to a request for comment on the current number of Yahoo users.
from Technology | The Atlantic http://ift.tt/2hGFFkz
