In what feels like déjà vu, there's more bad news for Yahoo users. The company announced Wednesday (Dec. 14) that a new cybersecurity breach incident has affected over a billion of its users and their private data.
Reportedly, an unauthorized third party stole data associated with the more than 1 billion Yahoo user accounts back in 2013. This billion-user figure means this newest hack is the largest data breach in the digital era.
Yahoo stated that it has taken measures to secure user accounts and is currently working with law enforcement in an investigation. Verizon, which has been in negotiations with Yahoo since July over a $4.83 billion buyout of its core assets, said it would review the impact of the latest breach.
Yahoo claims to have connected some of the activity in the current breach to the same state-sponsored actor the company believes is responsible for the data theft back in September, said The Wall Street Journal. In September of this year, it was revealed that over 500 million Yahoo accounts had been compromised back in 2014.
“The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. We have invalidated unencrypted security questions and answers so that they cannot be used to access an account,” wrote Bob Lord, chief information security officer at Yahoo, in a blog post announcement.
Additionally, Lord wrote that the company hasn’t been able to determine how the data from the 1 billion accounts was stolen. Yahoo is notifying all the users affected and asking them to change their passwords.
In the previous hack, data like email addresses, dates of birth, telephone numbers and encrypted passwords were indeed taken. However, payments information was spared. No word yet on the specific information lost in the most recently announced breach.