Yahoo says Hackers stole information from over 1B accounts

SAN FRANCISCO (Diya TV) — In what will easily be described as the largest data breach ever, Yahoo said Wednesday that data from more than one billion user accounts was stolen back in Aug. 2013.

This incident occurred independently from the one the company reported just last September, which involved at least 500 million user accounts and took place in late 2014.

Stolen user data from this new breach involves names, email addresses, telephone numbers, dates of birth, and hashed passwords using an aging algorithm known as MD5 that can be cracked. In some cases, encrypted and unencrypted security questions from users was also stolen, the company said on Wednesday. However, no payment card data or bank account information was taken.

Yahoo has blamed this newly disclosed breach on an “unauthorized third party,” and have provided no additional details on the matter. It initially learned about the breach in November when law enforcement approached the company with data files that allegedly came from Yahoo, but were obtained by a third party.

Security has taken a back seat at Yahoo in recent years, compared to Silicon Valley competitors like Google and Facebook. Yahoo’s security team clashed with top executives, including the chief executive, Marissa Mayer, over the cost and customer inconvenience of proposed security measures.

And critics say the company was slow to adopt aggressive security measures, even after a breach of over 450,000 accounts in 2012 and series of spam attacks — a mass mailing of unwanted messages — the following year.

Verizon, which is in the process of buying Yahoo, said on Wednesday, “We will evaluate the situation as Yahoo continues its investigation. We will review the impact of this new development before reaching any final conclusions.”

Bob Lord, Yahoo’s chief information security officer, said in a statement that the state-sponsored actor in the 2014 attack had stolen Yahoo’s proprietary source code.