New York, December 15, 2016: Yahoo has disclosed a new security breach that may have affected more than one billion user accounts.
The breach dates back to 2013 and is thought to be separate from a massive cyber security incident announced in September, the company revealed on Wednesday.
NewsGram brings to you current foreign news from all over the world.
“For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers,” said Bob Lord, Chief Information Security Officer, Yahoo, in a blog post.
The company previously disclosed that outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password.
NewsGram brings to you top news around the world today.
“Based on the ongoing investigation, we believe an unauthorised third party accessed our proprietary code to learn how to forge cookies. The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used,” Lord said.
Yahoo says it was notifying the account holders affected. They will be required to change their passwords.
Check out NewsGram for latest international news updates.
“We have also invalidated unencrypted security questions and answers so that they cannot be used to access an account,” added Lord.
Yahoo said it had connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft disclosed on September 22. (IANS)