In November 2016, law enforcement provided Silicon Valley giants, Yahoo with data files which a third party claimed was Yahoo user data. This data was analysed by Yahoo with the assistance of external forensic experts and found that it appears to be Yahoo users data. Based on further analysis of this data by the forensic experts, Yahoo believes that an unauthorized third party stole data associated with a broader set of user-accounts in August 2013, including all Yahoo account holders and email users. Yahoo has not been able to identify the intrusion associated with this theft. Yahoo believes that this incident is likely distinct from the 500-million hacked accounts they disclosed on 22 September 2016; another hacking-incident totally separate from this one which has affected over 1-billion Yahoo email account users.
The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. Not all of these data elements may have been present for your account. The investigation indicates that the stolen information did not include passwords in clear text form, payment card data or bank account information. Payment card data and bank account information are not stored on the system that Yahoo believes was affected.
Yahoo however are taking major security actions to protect its user accounts in various ways:
- Yahoo are requiring potentially affected users to change their passwords.
- Yahoo invalidated unencrypted security questions and answers so that they cannot be used to access an account.
- Yahoo are constantly enhancing their safeguards and systems that detect and prevent unauthorized access to user accounts.
If you've got a Yahoo email account, chances are high that you've been hacked! We encourage you to follow these security recommendations:
- Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
- Review all of your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.
In addition, please consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether. You'll no longer need to remember complicated passwords when you use Yahoo Account Key to access your account. To sign in, tap "Yes" on the notification Yahoo sends to your mobile phone. With Account Key enabled, there's no password on your account, so no one other than you can sign in.