UPDATE 10/5/2017: In 2016, Yahoo confirmed that its 2013 data breach affected 1 billion accounts – making it the largest data breach in history. Unfortunately, the company confirmed today that all Yahoo accounts were affected, bringing the number closer to 3 billion.
Yahoo’s breach compromised email, Tumblr, Fantasy and Flickr accounts. The news comes after the company received new information that revealed more accounts were impacted than originally reported.
Verizon – who acquired Yahoo’s core assets just before the announcement of last year’s breach event – made a public statement regarding the scope of affected accounts.
“The [Yahoo] company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft,” Verizon said.
What should you do?
TIP: Change the passwords to your online accounts. If you’re using passwords that were compromised in the Yahoo breach, your other accounts may also be at risk of exposure.
Be sure to continue following Fighting Identity Crimes for more updates on this story, as well as identity protection tips from our industry experts on how to continue securing your identity.
UPDATE 03/15/2017: New York Times reported that two Russian intelligence agents were behind the massive Yahoo data breach that affected 500 million Yahoo users in 2014. According to the Justice Department, these agents were initially assigned to find hackers operating in the U.S. Instead, the two Russian agents led what is being referred to as a “sweeping criminal conspiracy,” using stolen Yahoo data to target specific individuals (international government officials, journalists/media reporters, business executives). Federal prosecutors also found that they had broken into 50 Google accounts belonging to Russian officials and cybersecurity employees.
Separately, the breached information was used to circulate spam and collect payment card and gift card data. The suspects are facing a total of 47 criminal charges.
Yahoo has announced its second data breach this year, less than three months after confirming the first. This hack affected over 1 billion user accounts and, according to Yahoo, initially occurred in August 2013. The breach was confirmed after law enforcement looked into data files that had allegedly contained Yahoo user data. Information exposed in this breach includes names, phone numbers, birth dates, encrypted passwords and security questions.
In September 2016, Yahoo made public that approximately 500 million user accounts had been compromised back in 2014. Yahoo claims that it was aware of the first data breach in 2014, but did not realize the extent of the breach until a hacker (allegedly responsible for the LinkedIn, Twitter and Myspace data breaches as well) dumped 200 million Yahoo accounts online in July 2016.
What should you do?
The greatest takeaway from this breach: change your passwords and use different passwords for all of your online accounts. Additionally, avoid reusing the personal security questions and answers connected to your Yahoo account. Hackers take advantage of password reuse, stealing the login credentials from one site to gain access to multiple others.
Continue following Fighting Identity Crimes to stay up-to-date on this story as well as other breach and scam news.
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.