Yahoo revealed on Wednesday that a breach of its computer systems in 2013 affected more than 1 billion users’ data, including names, email addresses and telephone numbers.
How can Yahoo get away with this? They should be fined out of existence. https://t.co/anAeb5cdpe
— Uwe Pleban (@uwepleban) December 15, 2016
Yahoo is notifying potentially affected users and said it had taken steps to secure their accounts, including requiring them to change their passwords.
It also invalidated unencrypted security questions and answers because they were stolen as well and can no longer be used to access an account.
Credit card data and bank account information are not believed to be affected. The company said they were not stored in the system that Yahoo believes was affected by the theft.
The company said it found out about the attack last month after law enforcement officials provided it with data files that a third party claimed was Yahoo user data.
— *squiggle ??? (@scwiggs) December 15, 2016
“Based on further analysis of this data by the forensic experts, we believe an unauthorised third party, in August 2013, stole data associated with more than one billion user accounts,” the statement said. “Yahoo has not been able to identify the intrusion associated with this theft.”
The attack is separate from one disclosed in September involving data on 500 million Yahoo users. That attack occurred in 2014. Yahoo said in September it believed that it was carried out by “a state-sponsored actor.” It said Wednesday that some of the activity it has uncovered in the investigation of the 2013 theft is connected to the same state-sponsored actor.
Information obtained in the 2014 hack may have included names, email addresses, telephone numbers, dates of birth, encrypted passwords and possibly security questions and answers, the company said in September.
Yahoo is on the brink of a sale to US telecommunication company Verizon for 4.8 billion dollars.
Verizon said after the data theft reported in September, which has been described as the largest in history, that it was investigating whether that would alter the terms of the deal.