19 December 2016
The troubled search giant has disclosed that one billion customer records were stolen in 2013, which, on top of the company’s September admission that 500 million accounts were breached in 2014, is astonishingly embarrassing.
There may be some overlap between the two data sets, but that still means that at least one billion Yahoo accounts were affected. (For reference, there are about 3.5 billion Internet users in the world at the moment. And to think some people still think data security isn’t something that affects them.)
Yahoo’s chief information security officer Bob Lord said:
“For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. […] Payment card data and bank account information are not stored in the system the company believes was affected.”
Yahoo has provided more information about the incident – and what users should do – on an FAQ page.
It’s worth mentioning that MD5 isn’t a strong hashing algorithm, so passwords hashed with it shouldn’t be considered safe.