It seems like there is no ending to a bad time for Yahoo. Since the search company announced its data breach a few months back the company is again in the news. No, now not for any product launch or new service – rather the revelation of the second largest hack in the past three months.
Bob Lord, the chief information security officer of Yahoo on the official Tumblr blog announced that data from more than 1 billion user accounts was victimized by accessing their account from an unauthorized party in 2013. And the news came out this September that 500 million user accounts were affected by a separate data breach.
The things were revealed about the hacking accounts when the law enforcement provided the company with data files from the third party. After getting the news Yahoo started the investigation regarding the third-party and hacked account under the forensic expert.
“The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies. We have connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016”.
One of the statements of Mr. Lord says that “we have not been able to identify the intrusion associated with this theft” which indicated that yahoo has still exotic about the account hacking. According to Yahoo, the affected accounts may have devoted of stolen such as email addresses, DOB, hashed passwords (using MD5), telephone numbers, and also the security question answers.
Yahoo says that the unauthorized party used the Yahoo code to forge cookies and gain the ability to access user accounts without any specific password.
If your account has also become a part of these Yahoo recommends changing your password immediately.