Yahoo says 1 billion accounts affected by theft of data in 2013
15 Dec 2016
Yahoo on Wednesday revealed that a breach of its computer systems in 2013 affected more than 1 billion users' data.
The company said in a statement that it was notifying potentially affected users and has taken steps to secure their accounts, including requiring them to change their passwords.
Yahoo also has invalidated unencrypted security questions and answers so that they cannot be used to access an account, the statement said.
The company said it found out about the attack last month after law enforcement officials provided it with data files that a third party claimed was Yahoo user data.
"Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts," the statement said. "Yahoo has not been able to identify the intrusion associated with this theft."
The attack is separate from one disclosed in September involving data on 500 million Yahoo users. That attack occurred in 2014. Yahoo said in September it believed that it was carried out by "a state-sponsored actor."
Information obtained in the 2014 hack may have included names, email addresses, telephone numbers, dates of birth, encrypted passwords and possibly security questions and answers, the company said in September.
The newly disclosed attack involves more sensitive user information, including unencrypted security questions.