Yahoo Suffers Biggest Data Breach In History With A Billion Accounts Hacked

Yahoo has admitted that it suffered a massive data breach back in 2013 that saw more than a billion user accounts hacked, making it the biggest breach in history.

The company confirmed that it believes the hack took place in August 2013, when an unauthorised third party swiped data linked to a mass number of accounts, though thus far the company has no information on the identity of the hacker or hackers.

Biggest breach in history

Yahoo discovered the hack when it was investigating the 2014 data breach that came to light this year which saw the data of 500 million accounts compromised.

This hack, however, is significantly worse given its size and the type of data stolen, though users financial information is not at risk according to Yahoo.

“For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information,” the company said in a statement revealing the data breach.

Yahoo was already licking its wounds after the 2014 data breach started to get in the way of its acquisition by Verizon, and time will tell if this new breach disclosure will torpedo the takeover deal.

The reveal of the data breach has come under fire from experts in the security industry, putting Yahoo under fire from more than just the US government.

“There have been a number of cases this year of retrospective notifications of breaches that are of little help to customers affected by them. This underlines the need for regulation.  It’s to be hoped that GDPR (General Data Protection Regulation), which comes into force in May 2018, will motivate firms to, firstly, take action to secure the customer data they hold, and secondly, to notify the ICO of breaches in a timely manner,” said David Emm, principal security researcher at Kaspersky Lab.

Tyler Moffitt, senior threat research analyst at cyber security company Webroot, lambased Yahoo for the fact it took a third party investigation to surface the 2013 hack.

“This is disgraceful as Yahoo would have remained unaware. The fact that Yahoo has taken steps to secure user accounts is of little comfort. These accounts have been compromised for years and the sheer number of them means they have already been a large source of identity theft. No one should have faith in Yahoo at this point and this breach might very well affect the $4.8 billion Verizon deal,” he said.

The breach poses a problem for users of Yahoo’s services who will need to go through the process of changing passwords and working out how much at risk they are from the data breach.

Take our data breaches of 2015 quiz here!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago