Yahoo comes clean about a giant breach (AGAIN!) – another 1 billion records compromised

Not too long ago we posted the blog “One of the largest cybersecurity breaches EVER you did NOT know about [Yahoo]”, and now it has happened again. This time it’s twice as big, and it goes further back.

The Yahoo corporate office disclosed a breach of more than a billion accounts (over 1,000,000,000) that occurred in August 2013. The breach is believed to be separate from the 2014 theft of data from half a billion users officially acknowledged earlier this year.

Reportedly, Yahoo hasn’t been able to figure out how the information from this newly reported breach of one billion accounts was stolen. The company is currently notifying the account holders affected by this breach, advising them to immediately change their passwords.

In past breaches, the hacked Yahoo data has been sold at least three times, including once to a state-sponsored actor. The following credentials of Yahoo users have been confirmed to be compromised:

  • Yahoo Login
  • Recovery Email
  • Date of Birth
  • Hash of Password (MD5)
  • Country Code
  • Mobile phone (if listed by the user for password recovery process)
  • ZIP code (if listed by the user for password recovery process)

According to Yahoo’s CISO Bob Lord, there are reasons to believe that this breach has a similar lineup of credentials compromised, as well.

Yahoo was alerted to this huge breach by law enforcement and has examined the information with external forensic specialists. The bad news is that the MD5 hashing algorithm is no longer considered secure.

Yahoo also admitted that its proprietary code had been compromised by a hacker, believed to be another state-sponsored actor, who used the code to forge cookies to gain access to data.

Yahoo has been in hot water for the string of intrusions and for scanning all of the user accounts at the request of a US intelligence agency last year. With this latest revelation, it is losing what’s left of its customers’ trust, fast.

What can you do to protect your private data today?

Using common sense when protecting data is no longer enough. You must practice strict cybersecurity protocols to minimize your risk:

  1. Stop using public cloud email services for business.
  2. Avoid using the same login name and password for multiple, different accounts.
  3. Avoid using debit cards or bank account transfers.
  4. Update your passwords frequently.
  5. Limit the information you provide via the online accounts.
  6. Use multi-factor authentication.
  7. Utilize layered security techniques.
  8. Deploy and always use a professional, top-grade antivirus program.

For more hands-on advice, read our IT security tips for business.

Consider Computer Network Security Services

Our technicians and network engineers are professional experts in computer network security for business. powersolution can help you keep your data secure, and your business network well-maintained.

How is your state of IT? Call Us: (855) 551-7760 with any questions.