Remember Yahoo’s data breach? It happened again with more accounts than last time

A few months ago, Yahoo admitted to about 500 million email accounts becoming compromised thanks to a hacker a.k.a. Peace. It all started when such hacker promised to sell 200 million usernames, passwords, and birthdates for some $2,000.

The data breach affected some people and hackers could gain access to any of these yahoo email accounts, compromising more accounts which were associated with that email address.

A new press release from Yahoo confirms that more than one billion accounts’ information has been stolen by “an unauthorized third party” back in August of 2013 and that it is “likely distinct from the incident we disclosed on September 22, 2016.

Information compromised may have included names, email addresses, telephone numbers, dates of birth, and there’s a possibility that some security questions and answers were also compromised. Yahoo believes the reason for the breach was that a hacker was able to figure out how to forge cookies to gain access to these accounts.

We have connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016.

Yahoo has begun notifying the affected users and invalidated the forged cookies. Customers affected should immediately change their passwords and security questions for Yahoo and other accounts with similar answers, review all accounts for suspicious activity, be cautious of phishing attacks, avoid clicking on links from suspicious emails, and consider using Yahoo’s Key service.

For many, the logical move after account’s being affected on two separate occasions is to switch email providers altogether. Many have gone with Gmail as a permanent replacement.

Source | Via