Yahoo Discloses New Breach of 1 Billion User Accounts

Yahoo Discloses New Breach of 1 Billion User Accounts

Verizon, which has struck a deal to buy the company’s core business, says it will review the impact of the new breach

By ANNE STEELE Updated Dec. 14, 2016 5:34 p.m. ET

Yahoo Inc. revealed new security issues affecting more than a billion users’ data, a theft that is separate and twice as large as the hack it disclosed earlier this year.

On Wednesday, Yahoo said an unauthorized third party stole data associated with more than one billion user accounts in August 2013. In September, Yahoo blamed “state-sponsored” hackers for stealing data on 500 million user accounts, which at the time was the largest theft of personal user data ever disclosed.

Yahoo has agreed to sell its core business to Verizon Communications Inc. On Wednesday, Verizon said it would review the impact of the new breach.

Yahoo said it has taken steps to secure user accounts and is working closely with law enforcement.

In November, Yahoo disclosed law enforcement gave the company data files that a third party claimed was Yahoo user data. On Wednesday, the company confirmed it appears to be Yahoo user data.

Yahoo said it hasn’t identified the intrusion associated with the theft but believes it is likely distinct from the incident the company disclosed in September.

The stolen data in both cases may have included names, email addresses, dates of birth, telephone numbers and encrypted passwords, Yahoo said.

The company urged users to review all of their online accounts and to change their passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account. It also recommended users avoid clicking links or downloading attachments from suspicious emails and remain cautious of unsolicited communication asking for personal information.

Separately, Yahoo, which had previously disclosed that its outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password, said Wednesday it believes an unauthorized third party accessed the company’s proprietary code to learn how to forge cookies. Yahoo is notifying affected account holders, and has invalidated the forged cookies.

Shares in the company lost 2.4% after hours to $39.92.


Comments

Popular posts from this blog

How Facebook Outs Sex Workers

The Silicon Valley Backlash is Heating Up

High-speed Hyperloop track ready for first trial run in Nevada