In September 2016, Yahoo acknowledged that data from over 500 Million user accounts had been stolen. The announcement followed a report by Vice’s Motherboard which stated that a potential security breach may have taken place at Yahoo in which 200 Million records were stolen and later sold through the dark web. The majority of the data stolen included usernames, passwords, dates of birth for individuals as well as well as backup addresses for various users with most of the data from 2012.
In a new announcement on its blog, Yahoo says over 1 Billion accounts have been hacked. Yahoo says the hack is separate from the one reported in September. The firm states that the stolen data includes names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases encrypted or unencrypted security questions and answers. The firm states hackers were not able to make away with passwords in clear text, payment card data, or bank account information.
Yahoo says it is notifying users affected by the breach and asking them to change their passwords. It has also said its proprietary code had been accessed by a hacker, who used the code to forge cookies that could be used to access accounts without a password. The firm is thus notifying the affected account holders, and have invalidated the forged cookies Yahoo further say they have hardened their systems to secure them against similar attacks.
The news comes just after Yahoo was recently acquired by Verizon Wireless for $5 Billion. Yahoo was at one time the most valuable companies in the world with a market capitalization of $125 Million. The company, however, failed to compete effectively owing to increased competition in search by companies such as Google; competition on social media owing to rise of companies such as Facebook and on the Video front with the rise of YouTube and others. The firm also failed to have a stable leadership to guide its transition.