Hackers steal data from more than 1bn Yahoo accounts

15 December 2016

The data of more than 1 billion Yahoo account holders is believed to have been stolen, the internet company has disclosed.

It says it’s analysed information given to it by law enforcement in November 2016, which appears to be Yahoo user data stolen in August 2013.

Yahoo believes data associated with more than one billion user accounts was stolen, although it hasn’t been able to identify the intrusion associated with this latest theft.


Affected customers will be contacted, but beware that phishing scammers may target Yahoo customers following this breach – Yahoo says any emails it sends to affected customers will NOT prompt you to click on any links, include attachments, or ask you for personal information.

Yahoo adds that it believes this hack is a separate incident from the “state sponsored attack” it revealed earlier this year, in which 500 million accounts were stolen in 2014.

What data has been taken this time round?

Yahoo says the stolen user data may include names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.


However, it believes the stolen information does not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are stored in a separate system, which is thought to be unaffected – although investigations are still ongoing.

What is Yahoo doing about it?

Yahoo says potentially affected users are being required to change their passwords.

It has also invalidated unencrypted security questions and answers so that they cannot be used to access an account.

In addition, forged web cookies, which Yahoo believes were taken or used in 2015 or 2016 to access accounts without a password, have been invalidated and systems have been hardened to prevent similar attacks in future. Customers affected by this issue will also be notified.

I’m a Yahoo user. What should I do?

Yahoo recommends users take the following steps:

  • Change your password and security questions and answers for any other accounts on which you use the same or similar information used for your Yahoo account. You can change your Yahoo password or security questions via your online account.
  • Review all of your accounts for suspicious activity. Also review any bank or credit card accounts you have, as well as your credit file for fraudulent activity.

