More than 1 billion Yahoo accounts were compromised in August 2013 by hackers, Yahoo announced today (Dec. 14).
The hack, which Yahoo believes is not connected to the security breach it previously disclosed in September 2016, would have had access to a large swath of information, including a user’s:
- email addresses
- telephone number
- date of birth
- hashed passwords
- security questions and answers
Bank account and payment card information was not affected, Yahoo says, since it was stored using a different system. The previously disclosed hack, which took place in 2014, compromised 500 million accounts.
Yahoo is notifying potentially affected users.
To make matters worse, Yahoo announced that it had uncovered another security vulnerability: the same “state-sponsored actor” accused of the 2014 hack was found to have been able to forge data to allow entry into users’ accounts without a password. Yahoo says it has contact affected users.
In today’s announcement, Yahoo encouraged users to review all of their online accounts for suspicious activity, and to change their passwords and security questions and answers for any other accounts that they used the same or similar information as they do for their Yahoo account.
Verizon, which agreed to purchase Yahoo for $4.8 billion in July, said it will, “evaluate the situation as Yahoo continues its investigation,” according to CNBC.
Yahoo’s stock price is down about 2.5% in after-hours trading.