Earlier this year, it was revealed that Yahoo experienced a breach in 2014 that led to more than 500 million user accounts breached. It turns out that that number was only half of the story. Yahoo lost over 1 billion user accounts in a 2013 breach. 1 BILLION!
Not many details have been released at this moment and Yahoo has yet to release a statement, but it has acknowledged the breach. Apparently, the breach is different than the one that occured a year later and compromised the data of 500 million users. That means that 1.5 billion Yahoo accounts were breached. Wow.
Yahoo CISO Bob Lord admitted the breach for Yahoo today in a post.
“Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts,” wrote Lord.
User’s passwords, emails, telephone numbers, birth dates, hashed passwords (MD5) and even encrypted and unencrypted security questions were all compromised. No plain-text passwords, payment card data or bank information was stolen, so at least financial information wasn’t compromised.
This just keeps getting worse and worse for Yahoo and Verizon, who bought the search giant right before the first hack was revealed. Now it is left to pick up the pieces of their $4.8 billion investment.