Yahoo did it again, folks. In less than six months, Yahoo admitted that its security was breached twice, with hackers stealing data for hundreds of millions of users. In September, Yahoo said that more than 500 million accounts were compromised years ago, making it the biggest hack to date. But that changed on Wednesday when Yahoo beat its own record. Yahoo confirmed that more than a billion Yahoo Mail users were hacked in the new attack.

Just like the previous hack that Yahoo disclosed, this isn’t a recent intrusion. “Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with a broader set of user accounts, including yours,” Yahoo said in a message to users.

Hackers were able to steal a bunch of user data, including “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.”

Yahoo points out that not all these elements may have been stolen for your account. The company is notifying user accounts for which it believes that forged cookies were taken or used in 2015 or 2016.

Yahoo says it has “connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft we disclosed on September 22, 2016.”

What can you do to mitigate the impact? First and foremost, change your password to your Yahoo account. If you already changed it in September, you’re probably good.

In case you’re an Internet user who recycles the username/password combination on other online services, then change those passwords again.

You can also enable two-factor authentication on all your online accounts where that’s possible, and review them for suspicious activity — given the hack happened all the way back in August, it’s likely you might not recognize any suspicious activity in your recent history.

You can also decide to delete your Yahoo account and prevent such breaches in the future. But before you do, make sure you go through the explanations Yahoo posted on a special help page regarding the matter — see it at this link.

View Comments