SUNNYVALE, Calif., Dec. 14 (UPI) — Tech giant Yahoo on Wednesday announced what could be the largest computer hacking in history — the breach of more than 1 billion user accounts.
The company said access to the accounts compromised personal information like phone numbers, birth dates and security questions. The breach occurred more than three years ago, Yahoo said in a statement.
“Yahoo believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. The company has not been able to identify the intrusion associated with this theft,” the company said. “The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.”
Yahoo said the new breach is separate from one reported in September that affected at least 500 million accounts.
The company said the newly-revealed breach did not, however, compromise passwords, credit card or banking information.
“Yahoo is notifying potentially affected users and has taken steps to secure their accounts, including requiring users to change their passwords,” the statement continued. “Yahoo has also invalidated unencrypted security questions and answers so that they cannot be used to access an account.”
Experts said the hackers were able to gain access to the accounts without passwords by “forging cookies” — a practice that fooled Yahoo servers into believing a third party computer had already been logged into a breached account.
“Yahoo encourages users to review all of their online accounts for suspicious activity,” Yahoo said. “The company further recommends that users avoid clicking links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information.”
