Yahoo confirms 1 billion accounts were hacked
Yahoo has admitted it was hacked in 2013, making it the largest breach in history
Yahoo has admitted it has fallen victim to another cyber-attack, revealing data from more than one billion user accounts had been hacked in 2013.
The Internet giant said in a statement that it "believes an unauthorised third party, in August 2013, stole data associated with more than one billion user accounts." From these hacked accounts, Yahoo said names, phone numbers, passwords and email addresses, had been stolen.
The statement also explained that "the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected."
Yahoo believes that the cybercriminals used forged cookies which allows an intruder to access a user's account without the need of a password. Furthermore, Yahoo has disclosed it believes some of the activity may be "state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016".
Yahoo has disclosed that it is notifying affected users and requesting that they change their passwords. Plus in its statement, Yahoo said: We have also invalidated unencrypted security questions and answers so that they cannot be used to access an account. With respect to the cookie forging activity, we invalidated the forged cookies and hardened our systems to secure them against similar attacks. We continuously enhance our safeguards and systems that detect and prevent unauthorised access to user accounts."
The 2013 hack is the largest breach on record, plus it is double the size of the Yahoo breach in 2014 where 500 million users had been affected.