In a statement released yesterday, Yahoo has admitted that it has discovered a 3-year old breach in its security architecture through which hackers were able to compromise accounts of more than a billion users. Important user data including names, phone numbers, passwords, dates of birth, and email addresses were stolen in the breach which occurred in August 2013.
“Yahoo believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. The company has not been able to identify the intrusion associated with this theft. Yahoo believes this incident is likely distinct from the incident the company disclosed on September 22, 2016.”, said the release.
The hack also gave the hackers, access to the users security questions, both the encrypted and the un-encrypted, something which could be used to reset a user’s password. Yahoo said that it has taken steps to secure the user accounts. The affected customers are being notified requiring them to change their passwords and the un-encrypted security questions were being invalidated.
BBC quoted a Cyber Security expert Troy Hunt saying, “This would be far and away the largest data breach we’ve ever seen.”
Yahoo said that the attack was revealed during the cyber security investigations into another breach. In September this year, Yahoo had recently disclosed another hack dated fall 2014. The hack which affected half a billion users was being called as the World’s largest breach until this hack of a billion user was revealed.