New record! Yahoo hacked -- 1 billion user accounts compromised

24135457061 28a2dda83b o

Yahoo may hold a new record -- but it probably is not be the kind of record the tech giant was going for.

The company announced another breach, this one bigger than the last. By a lot. In fact, it may be the biggest data breach ever. Hence the record. So what happened, and what should you do if you have a Yahoo account?

In IT Blogwatch, we keep all our data secret. 

So what exactly is going on? Michael Kan has the details:

In what is likely the largest data breach ever, Yahoo is reporting that data associated with...1 billion user accounts was stolen...The incident is separate from a breach Yahoo reported in September involving...500 million users that originally occurred in...2014 and shook public trust in the company.

How exciting for Yahoo -- a new record! What data was stolen this time? Laura Hautala and Richard Nieva have the details:

The hack occurred in August 2013. Stolen data included users' names, email addresses, telephone numbers, dates of birth, and encrypted passwords. Those passwords...[used] an encryption tool called MD5, which experts say is possible to crack...The data also included some security questions and answers...which weren't encrypted.

Well, at least, with 1 billion accounts hacked, the news couldn't get much worse for Yahoo. Oh, wait, did I speak too soon? Sean Gallagher fills us in:

Yahoo also...found...that someone had found a way to forge web browser "cookies" that would allow them to gain access to users' accounts without logging in...Yahoo...informed users whose accounts were exposed by the forged cookies...has "invalidated" the cookies and "hardened our systems to secure against similar attacks."

What about the other affected users? What has Yahoo done to protect their accounts? And what should users do? Bob Lord, Yahoo's CISO, tells us himself:

We are notifying...affected users and have taken steps to secure their accounts, including requiring users to change their passwords. We have also invalidated unencrypted security questions and answers so that they cannot be used to access an account.
We enoucrage...users to...Change your passwords and security questions and answers for any...accounts on which you used the same or similar information used for your Yahoo account...Review all of your accounts for suspicious activity...Be cautious of any unsolicited communications that ask for...personal information or refer you to a web page asking for personal information...Avoid clicking on links or downloading attachments from suspicious emails...and...Consider using Yahoo Account Key, [an]...authentication tool that eliminates the need to use a password on Yahoo altogether.

Well, at this point, it really couldn't get much worse, right? Oh, I spoke too soon again? Jordan Robertson shares why:

More than 150,000 U.S. government and military employees are among the victims of [Yahoo’s] breach...their names, passwords, telephone numbers, security questions, birth dates, and backup e-mail addresses are now in the hands of cybercriminals...that could allow foreign intelligence services to identify employees and hack their personal and work accounts, posing a threat to national security. These employees had given their...government accounts to Yahoo in case they were ever locked out of their e-mail.
Former intelligence officials said the leak of could make the job of foreign spies easier, creating a...hit list of targets for hacking.

So how is this going to affect Yahoo's Verizon deal? Thor Benson might know:

When news came Yahoo was hacked in 2014, Verizon indicated...the cost of the sale may be renegotiated...the newly revealed hack could make that...renegotiation an even bigger issue...the purchase may be dead in the water.
Many Yahoo users may start cancelling accounts at this are other options for Verizon...Verizon could benefit by buying multiple less trafficked websites that are more stable and have a growing following.

So what are people saying about all this? Sarcasm Society has an important question:

There are a billion Yahoo users? Why?!

Copyright © 2016 IDG Communications, Inc.

Shop Tech Products at Amazon