04 October 2017, India:
It has been disclosed that accounts of every Yahoo user back in 2013, that is 3 billion were compromised in one of the biggest hacks ever.
In 2013, a breach allowed attackers to steal email addresses, passwords, birth dates, telephone numbers and more. The new investigation indicated that stolen information didn’t include passwords in clear text, payment card data or information about bank accounts.
Back in December 2016, Yahoo had said that data from more than 1 billion user accounts was compromised in 2013, the largest of a series of thefts that forced Yahoo to cut the price of its assets in a sale to Verizon Communications, its current owner.
Oath, a subsidiary of Verizon, clarified and stated, “Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.”
This is not just a major blow to public confidence in Yahoo, but to Verizon, which had already received a discount of $350 million on its acquisition price for the company because of the initial findings from the breach.
“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” said Chandra McMahon, Chief Information Security Officer, Verizon. “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”
A spokesman for Oath, the new company formed by Verizon containing Yahoo’s online services, said Oath would immediately begin notifying the holders of the 2 billion additional accounts now known to have been compromised. The number will be far less than 2 billion people, as many individuals held more than one account on Yahoo or its subsidiaries, which include Flickr and Tumblr.
Yahoo’s provided a list of guidelines for what to do to secure your account. And whether you are still sticking with the company after all this, or whether you are using other services, they are generally good rules of thumb if you don’t follow them already:
- Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo Account (or whatever account happens to have been breached).
- Review your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.