User information stolen in breach of 1 billion Yahoo accounts
Yahoo said on Wednesday that it had discovered the largest cyber breach in history, in which data from more than 1 billion user accounts was compromised in August 2013.
Yahoo Inc warned on Wednesday that it had uncovered another massive cyber attack, saying data from more than 1 billion user accounts was compromised in August 2013, making it the largest breach in history.
The number of affected accounts was double the number implicated in a 2014 breach that the internet company disclosed in September and blamed on hackers working on behalf of a government.
“An unauthorised party” broke into the accounts, Yahoo said in a statement posted on its website. The company believes the hacks are connected and that the breaches are “state-sponsored”.
The hackers used “forged ‘cookies’” – small pieces of data that stay in the user’s browser so that a website doesn’t require a login with every visit, wrote Yahoo’s chief information security officer, Bob Lord. The cookies “could allow an intruder to access users’ accounts without a password” by misidentifying anyone using them as the owner of an email account. The breach may be related to theft of Yahoo’s proprietary code, Lord said.
Yahoo said the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
It noted that payment-card data and bank account information were not stored in the system the company believes was affected.
Yahoo said it discovered the breach while reviewing data provided to the company by law enforcement. FireEye Inc’s Mandiant unit and Aon Plc's Stroz Friedberg are assisting in the investigation.
The breach is the latest setback for Yahoo, an internet pioneer that has fallen on hard times in recent years after being eclipsed by younger, fast-growing rivals including Alphabet Inc's Google and Facebook Inc.