Yahoo has identified a new system breach that occurred in August 2013 and involved data associated with more than one billion user accounts.
The incident is likely distinct from the breach the company disclosed in September, which was for a 2014 hack that saw data associated with at least 500 million user accounts stolen. At the time it was dubbed the biggest data breach ever.
Yahoo said an unauthorised third party had stolen the data in the latest breach and that it was working closely with law enforcement. The company's chief information security officer said Yahoo learned of the breach from law enforcement but was so far unable to determine how the data from one billion accounts was stolen.
"We have not been able to identify the intrusion associated with this theft," Lord said in a blog post.
"The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers".
The specification of MD5 is important because it is a method of hashing (or jumbling) passwords that is no longer used and no longer considered secure. While the attackers responsible for the breach may not have gained access to plain text passwords, they could in theory recover the passwords from the hashes using tools easily obtained online, acquiring a full profile of each user's email address, password, name and details.
Payment card data and bank account information were not stored in the system believed to be affected.
Yahoo said it will be contacting affected account holders.
Reuters, with Fairfax Media