Looks like the late 2014 hack of over 500 million Yahoo user accounts isn’t the only big security issue the company has to deal with. Yahoo just disclosed that more than one billion accounts might have been compromised by a hack of an unauthorized third party back in August 2013. The information stolen from the affected accounts include names, email addresses, birth dates, hashed passwords, encrypted and unencrypted security questions and answers, as well as telephone numbers. The only information believed to not have been accessed by the hackers include clear text passwords, bank account information, and credit/debit card details.
The hack was discovered after law enforcement officials gave the company what looked like user data from an unknown source. Yahoo hasn’t been able to identify the specific breach yet but says it’s “likely” distinct from the 2014 hack. If you’re affected by this hack, Yahoo will be reaching out to you to help secure your account, including implementing mandatory password changes and invalidating unencrypted security questions and answers. Now, is probably the best time for you to change those passwords and use two-factor authentication when you can—not just with your Yahoo accounts but also double up on your other online accounts.
Source: MacRumors