This week, Yahoo announced that over a billion of their users’ accounts had been compromised in what appears to be the largest data breach in history.
The breach, which occurred in August 2013, involves “forged cookies”, which don’t require a user to log in every time they access an account from the same device.
The hack affected more than double the number of accounts affected by the 2014 breach, which was revealed by Yahoo just a couple of months ago, and seriously undermines the company’s security claims.
It’s thought that the stolen user data included “names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.” It’s said that no financial or payment information was involved in the breach.
Yahoo believes that the hacks were “state-sponsored” and may have been linked, although no evidence has been given to support this.
A more pressing question, however, is why it has taken three years for this information to surface. If user data is compromised, it’s essential that users are informed, so they can take steps to protect themselves. US legislators have gone so far as to label this situation “unacceptable”, and here at SurfEasy, we agree.