14 Dec Yahoo admits it’s been hacked again, and 1 billion accounts were exposed
On December 14, Yahoo announced that after an investigation into data provided by law enforcement officials in November, the company and outside forensics experts have determined that there was in fact a previously undetected breach of data from more than 1 billion user accounts. The breach took place in August 2013 and is apparently distinct from the previous mega-breach revealed this fall—one Yahoo claims was conducted by a “state-sponsored actor.”
The information accessed from potentially exposed accounts “may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo’s chief information security officer, Bob Lord, reported in the statement issued by the company. “The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected.”