If you had any trust left in the security of your online data, keep reading.
After disclosing in September that the company had uncovered they were the subject of a “state-sponsored” attack back in 2014—which compromised roughly 500 million accounts—Yahoo is now admitting that nearly double that was already hacked; in fact, more than one year before.
The Yahoo 2013 hack, which “could” include names, email addresses, security questions & answers, phone numbers, and birth dates—all potentially unencrypted—was apparently brought to the attention of the company by law enforcement officials in November. Yahoo has indicated that, as with the 2014 hack, credit card data is believed to be safe.
Just how one billion user accounts could be hacked—and nobody at Yahoo notice until explicitly told about it years after the fact—remains a mystery.
It’s also unclear how (or if) this will impact Yahoo’s pending $5 billion acquisition by Verizon. Rumors began flying after the previous hack was disclosed that Verizon wanted close to a billion-dollar discount on the deal; given the sheer magnitude of the Yahoo 2013 hack by comparison, Verizon might be having second-thoughts entirely about their upcoming expenditure.
Yahoo has begun reaching out, via email, to those believed to be impacted by the 2013 hack. In the meantime, it’s a good idea for anyone with a Yahoo account to just go ahead and change their password now (and the passwords of any other accounts that shared the same email/pw combo), along with resetting security questions & enabling two-factor authentication.