It seems like there is no ending of bad time for Yahoo. Since search company announced its data breach few months back the company is again in the news. No, now not for any product launch or new service – rather revelation of second largest hack in past three months.
Bob Lord, the chief information security officer of Yahoo on official Tumblr blog announced that data from more than 1 billion user accounts was victimized of accessing their account from the unauthorized party in 2013. And the news came out in this September that 500 million user accounts were affected by a separate data breach.
The things were revealed about the hacking accounts when the law enforcement provided the company with data files from the third-party. After getting the news Yahoo started the investigation regarding the third-party and hacked account under the forensic expert.
“The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies. We have connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016”.
One of the statements of Mr. Lord says that “we have not been able to identify the intrusion associated with this theft” which indicated that yahoo has still exotic about the account hacking. According to Yahoo the affected accounts may have devoted of stolen such as email addresses, DOB, hashed password (using MD5), telephone numbers and also the security question answers.
Yahoo says that the unauthorized party used the Yahoo code to forge cookies and gain the ability to access user accounts without any specific password.
If your account has also become the part of these Yahoo recommends to change your password immediately.