Yahoo Discloses Hack of 1bn Accounts
According to Bob Lord, Yahoo's Chief Information Security Officer, Yahoo does not know exactly how the data of 1bn user accounts was stolen or what kind of information was removed.
Lord said the user account data may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. According to the investigation, clear-text passwords and payment information have not been compromised.
Yahoo has also announced that its proprietary code was accessed by a hacker, who used the code to forge cookies that could be used to access accounts without a password.
“Based on the ongoing investigation, we believe an unauthorized third party accessed our proprietary code to learn how to forge cookies. The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies,” said Bob Lord, CISO.
Yahoo has sent an alert about the additional disclosure to all users, with instructions and security advice on how to secure their accounts. Yahoo is currently examining the possible threat with law enforcement and outside forensic experts.
MacKeeper strongly recommends that you take the following security measures to protect against potential threats:
Change your passwords and security questions and answers for any other accounts where you used information that was the same as or similar to your Yahoo account information.
Review all of your accounts for suspicious activity.
Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
Avoid clicking any links or downloading any attachments from suspicious emails.
Consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.
To learn more about Yahoo security matters, please visit the official Yahoo Security Advisory at https://yahoo.com/security-update