Leaking information via a data breach Yahoo were not aware about until alerted by law enforcement, the company disclosed today that over 1 billion users’ information were compromised resulting from the 2013 incident.
The breaching incident in subject separates from a yet another datamining attempt to Yahoo’s database which stole sensitive information from as much as 500 million users it reported last September.
Making an official statement about the news is Yahoo’s chief information security officer Bob Lord via the company’s official Tumblr account which troublingly states, “We have not been able to identify the intrusion associated with this theft.”
Lord added, “The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.”
In response to the hack, Yahoo is taking the measure of notifying account holders affected with the breach by asking them to change their passwords.
Also announced today, is of the company’s compromised proprietary code gotten hold of by a hacker who forged cookies that would render him access to user accounts without the need for a password.
“The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies.”
Shedding some personal insights regarding the pronounced breaches to Yahoo’s security, Bob Lord claims that the incidents were as a result of a state-sponsored attack.