Yahoo Discloses 2013 Breach that Exposed Over One Billion Accounts
Yahoo disclosed Wednesday, December 14, that it had suffered yet another breach in August 2013 that exposed over 1 billion accounts. This larger figure pales in comparison to a previous incident that announced last September, where 500 million accounts were stolen back in 2014. According to Chief Information Security Officer, Bob Lord, it appears that the incident is likely distinct from the breach disclosed three months ago. This attack involves user names, email addresses, telephone numbers, hashed passwords using the MD5 algorithm, and encrypted and unencrypted security question and answers found to have been stolen in 2013.
Yahoo has yet to determine how the data of 1 billion users were stolen, but added that it appears no payment information such as credit card numbers and bank account details, or even unencrypted passwords were included in the hack. They also stressed that financial data is not stored in the system that was compromised. Unfortunately, the passwords included that were leaked were secured with an encryption algorithm that could be easily cracked.
Unsurprisingly, Yahoo is coming under a lot of scrutiny as the hack happened so long ago and had gone unnoticed even after the investigation of the 2014 hack. However, the company was quick to notify potentially affected users and has required victims to change their passwords. In addition, it has voided unencrypted security questions and answers to invalidate any attempts to use the stolen credentials.
This incident should serve as a reminder for all users to pay attention to their online security habits, especially when it comes to their online credentials. Since most users need to maintain online accounts, password security has long been a much ignored issue as most users do not want the burden of having to create and remember multiple passwords. However, it is this very habit that puts users at risk when online accounts get compromised. In fact, previous incidents have demonstrated how reused passwords could ultimately lead to hacked accounts across various platforms.
In the case of the Yahoo breach, users could prevent their data from being stolen if they regularly change their passwords. In the event of a breach, a quick password change can mitigate further damage caused by a hack. This emphasizes the importance of securing passwords and it has not diminished despite the availability of other authentication methods.
After the September disclosure of the 2014 breach, Yahoo notified users to change their passwords. Since this breach happened in 2013, users who updated their passwords are unlikely to be affected. To be on the safe side, it is recommended to visit Yahoo’s Safety Center page for tips on how to secure accounts. In the long run, however, these helpful best practices can help prevent users from becoming a victim:
- Regularly change your password– this should be anyone’s first step to quickly reduce the risks caused by a data breach. Use phrases instead of words as longer and more complex passwords are harder to crack. Try using a password that includes at least 12 characters, with both uppercase and lowercase letters, numbers, and special characters. It is also highly recommended to use a password manager to be able to regularly change passwords without the trouble of having to remember them.
- Use two-factor authentication (2FA) – a two-step verification adds an extra layer of security to your accounts. Using 2FA could make it harder for an attacker to access information even if passwords are compromised.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale