Today, Yahoo has announced its second largest hack in the last three months. In a post on the company’s Tumblr account, Yahoo’s chief information security officer Bob Lord announced that, in 2013, data from more than one billion user accounts was accessed by an unauthorized third-party. This information comes just three months after the company’s confirmation that 500 million user accounts were compromised in a separate data breach.
Last month, law enforcement provided Yahoo with data files from a third-party who suggested that it was part of Yahoo user account information. Yahoo then started their own investigation with the assistance of a forensic firm who confirmed that the information was in fact obtained from Yahoo’s user accounts.
After concluding the investigation, Yahoo says that the accounts affected by the breach may have had data stolen, such as: encrypted/unencrypted passwords, telephone numbers, email addresses, dates of birth, and hashed passwords utilizing MD5. The biggest concern, besides the breach itself, is that Yahoo is still unable to identify how the data was stolen.
We suggest that all Yahoo account holders change their passwords. The length and complexity of the passwords may assist in combating the data breach to your account. It is suggested that you change the password to a minimum of 10 characters with upper/lower case, a symbol, and a number. Personally, with the amount of data breaches that Yahoo has had, it would make me think twice about having an account all together.