3 billion Yahoo accounts were hacked in data breach in 2013

Every single Yahoo account was hacked in 2013

We all knew that Yahoo data breach in 2013 was massive. However, since the company reported about the issue in September 2016,^[1] Yahoo continuously reported about detected more compromised accounts. However, no one expected that within a year the scale of the attack would reach 3 billion.^[2]

A digital and mobile media company Oath, which owns Yahoo, released an official note on the 3rd of October informing about these threatening news.^[3] Therefore, it means that if you had an account in 2013 and still have it, it’s a perfect time to change your password and secure other accounts as well.

The chronology of Yahoo data theft investigation

In August 2016, 200 million hacked Yahoo accounts were noticed being sold on the dark web. However, the company did not rush to confirm if user accounts were actually compromised. The first report about the issue appeared only on September.

It seems Yahoo has been investigating the issue for more than a month. However, the research results were worse than announced in August. The company revealed that more than 500 million accounts might have been compromised.

However, the scale of the attack was bigger than company noticed at first. On December 14, Yahoo announced that more than 1 billion user accounts were stolen by cyber criminals.

Finally, almost a year ago since the first news about data breach appeared, in October 2017, the company gave updated research results that are threatening. It seems that in 2013, criminals managed to steal 3 billion account information, meaning that all Yahoo users, who had an account four years ago, have suffered from the attack.

What data has been stolen?

According to the investigation, cyber criminals managed to steal personally identifiable and sensitive information, including:

• full name;
• email address;
• phone number;
• birthday day;
• hashed passwords (using MD5);
• security passwords and answers.

However, since the data breach was announced, some rumors and assumptions appeared about stolen bank account or credit card information. However, the company denied that this information might have been stolen. According to Yahoo, this data was not stored on the affected systems.^[4]

Yahoo users are advised to take extra steps to protect their personal information

When Yahoo confirmed data breach in 2016, all potentially affected users received an alert to change their passwords and security questions. However, the company also advised to stay vigilant and monitor bank account information even if they tell that cyber criminals should not be able to access this data.

However, having a bunch of personally identifiable data might help crooks to continue cyber crimes and find the way to get access to your bank account or even steal an identity. Thus, users are suggested to change their other accounts passwords. Please have in mind that it’s important to create strong and unique passwords for each account.

Yahoo users are also warned to be careful with emails.^[5] Due to the data breach, you might find phishing or infected emails in your inbox. Thus, do not rush opening email attachments or clicking provided links unless you are 100% that your received email is real and safe.