Yahoo reveals hack of 1 billion user accounts

Yahoo app

Photo via charnsitr/Shutterstock.com

You need to change your Yahoo password NOW.

Still have a Yahoo account? You’ve probably been hacked—again.

Yahoo on Wednesday afternoon revealed that hackers made off with the user data of more than 1 billion accounts. 

The breach occurred in August 2013, according to Yahoo, and is believed to be separate from an earlier intrusion, revealed in September and believed to have been carried out by a state actor, that exposed the accounts of more than 500 million user accounts

Yahoo says it has not yet been able to identify how the breach of 1 billion user accounts took place.

Yahoo says the data may include “names, email addresses, telephone numbers, dates of birth, hashed passwords … and, in some cases, encrypted or unencrypted security questions and answers.” The company says “passwords in clear text, payment card data, or bank account information” are not believed to be included in the stolen data. 

Separately, Yahoo says it discovered efforts to use forged cookies—small bits of data stored in a user’s browser—which the company says is linked to activity carried out by “the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016.”

Yahoo’s chief information security officer Bob Lord wrote in a blog post that the company is taking steps to secure affected users.

We are notifying potentially affected users and have taken steps to secure their accounts, including requiring users to change their passwords. We have also invalidated unencrypted security questions and answers so that they cannot be used to access an account. With respect to the cookie forging activity, we invalidated the forged cookies and hardened our systems to secure them against similar attacks. We continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts.

Further, Yahoo suggests users “review all of their online accounts for suspicious activity and to change their passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account.”

In fact, it may be time to ditch that Yahoo account altogether.

Andrew Couts

Andrew Couts

Andrew Couts is the former editor of Layer 8, a section dedicated to the intersection of the Internet and the state—and the gaps in between. Prior to the Daily Dot, Couts served as features editor and features writer for Digital Trends, associate editor of TheWeek.com, and associate editor at Maxim magazine. When he’s not working, Couts can be found hiking with his German shepherds or blasting around on motorcycles.