All 3bn Yahoo users affected by 2013 breach
The data breach Yahoo was hit by in 2013 was far more severe than previously thought, with the personal details of all 3 billion of its users compromised in the attack.
Yahoo revealed in an FAQ that it has obtained data indicating that “all accounts that existed at the time of the August 2013 theft were likely affected”.
When Yahoo originally discovered and disclosed the attack in December last year, the company estimated that an unauthorised party “stole data associated with more than one billion user accounts”. But additional information analysed with the help of outside forensic experts has prompted Yahoo to disclose that all accounts were likely affected.
This has given Yahoo the dubious distinction of setting yet another record for the biggest disclosed data breach of all time.
The December announcement, made when it was thought that only around 1 billion accounts were affected, was itself a record, and that announcement came just a few months after Yahoo disclosed that the details of at least 500 million users were stolen in 2014.
In both incidents, stolen information may have included names, email addresses, telephone numbers, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
Since the initial disclosure of the breach, Yahoo has required users to change their passwords and has invalidated unencrypted security questions. But in February, Yahoo disclosed that forensic experts had discovered that forged cookies were being created to help attackers access users’ accounts without needing a password.