Yahoo hacked again, one billion accounts stolen
On Wednesday, Yahoo disclosed that more than one billion yahoo accounts may have been stolen in a cyber-attack. The stolen data may include email ID, password and other personal information.
Yahoo, in a blog-statement, said that an unauthorized third party stole data associated with more than one billion user accounts, in a cyber breach that took place in August 2013.
The disclosure made possible after forensic analysis of the data files that law enforcement agencies provided, the same was claimed to be Yahoo user data by a third party.
Stolen details included password and security questions
Yahoo made clear that the stolen user account may have included names, email address, hashed password, phone numbers, and date of birth. Yahoo in a statement, added, security questions and answers that account holder had set, may have also been stolen.
The hacker is supposed to have used forged cookies that could allow an intruder to access user’s account without password. “The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used”, said Yahoo in a statement.
Affected users notified and forge cookies disabled
Yahoo said they have invalidated the forged cookies and informed affected users of the incident.
Yahoo asserted that they have notified the affected users and asked user to change their credentials. “We have also invalidated unencrypted security questions and answers so that they cannot be used to access an account. We have hardened our systems to secure them against similar attacks,” said Yahoo in a statement.
Yahoo suspects this data breach to done by same actor who are believed to be involved in data theft incident disclosed on Sept 22, 2016. However, Yahoo did not name anyone.