After a thorough investigation and analysis, Yahoo confirmed on Wednesday that over 1 billion accounts were compromised in the famous 2013 hack. In addition, in September Yahoo said that about 500 million accounts were hacked in a separate breach that took place in 2014. Together, the two incidents make Yahoo one of the most vulnerable email platforms. Interestingly, last month Yahoo revealed in a filing with the US Securities and Exchange Commission (SEC) that some of its staff might be involved in the 2014 hacking.
In the SEC filing made in November, ‘Yahoo confirmed that a hacker claimed to have obtained certain Yahoo user data’, but the number of accounts affected was not revealed until yesterday. Moreover, based on the recent revelations, the compromised user data included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. However, Yahoo claims that the user data didn’t include card details, bank account information or passwords in clear text.
In addition, forensic experts asked Yahoo about the possible creation of forged cookies by the hacker, and recent reports reveal that the hacker did gain access to Yahoo's proprietary code, which allowed him to create forged cookies. However, Yahoo claims that “the outside forensic experts have identified user accounts for which they believe forged cookies were taken or used.”
Concerned for its users’ information security, Yahoo has started notifying the affected account holders and has also invalidated the forged cookies. However, we still don’t know anything about these hackers. Further, some reports suspect that both breaches might be the work of the same hacker or group of hackers.
So what should you do if your account is affected? First, Yahoo will send you a notification alerting you about the possible consequences for your account. Second, change your password and security questions. If you have used the same security questions on other platforms, it is time to change them across all those platforms as well. Third, review all your emails and don’t click on links or emails that ask for personal information. Fourth, if you are still not confident and feel that your account is still being targeted, we advise you to close and deactivate your Yahoo account. However, some data might have already been compromised.
Yahoo is still investigating the issue and we expect more information to come out once final conclusions are revealed.