Yahoo has confirmed that around one billion of its accounts were hacked and user data stolen, in what is being considered a much worse hack than the previous one, when the Internet bigwig admitted that 500 million of its accounts had been compromised.
‘More than one billion’
According to a statement from Yahoo posted on Tumblr: “As we previously disclosed in November, law enforcement provided us with information files that a 3rd party claimed was Yahoo user information. We analysed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data.”
It added: “Based on further analysis of this data by the forensic experts, we believe an unauthorised third party, in August 2013, stole data associated with more than 1 billion user accounts. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.”
What was stolen?
According to Yahoo, the stolen data may have included names, email addresses, phone numbers, dates of birth and hashed passwords. Encrypted or unencrypted security questions and answers may likewise have been stolen. “The investigation indicates that the stolen data did not include passwords in clear content, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected.”
Given the kind of data that was stolen, the culprit could easily commit identity theft by creating accounts that impersonate legitimate people and committing cybercrimes in their name. Also, although clear-text passwords were not stolen, the passwords of the original accounts can be changed because the hackers have access to the accounts' security questions and answers.
Yahoo had earlier said that its forensic experts were investigating forged cookies, which could allow a hacker to access users’ accounts without a password. It also said that an unauthorised third party might have accessed its proprietary code and learnt how to forge cookies.
“The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies. We have associated some of this movement to a similar state-supported performer accepted to be in charge of the information burglary the organization unveiled on September 22, 2016.”
How to protect your accounts with these 9 simple steps
Step 1: Log in to your Yahoo accounts and change the passwords immediately.
Step 2: Change the passwords for your recovery email accounts as well, and for all accounts related to Yahoo.
Step 3: Delete any email containing sensitive information and empty the trash folder.
Step 4: Disconnect your Yahoo account from other services in the account settings.
Step 5: Gmail offers better security. Switching to Gmail can be a wise move at this point.
Step 6: If you wish to continue using Yahoo, enable two-factor authentication and set up Yahoo Account Key.
Step 7: Enable two-factor authentication for all personal accounts.
Step 8: Change passwords for all your banking accounts.
Step 9: Never open or download content from shady emails. They may contain malware.