In September, Yahoo took a lot of heat after they disclosed that hackers had retrieved the data of at least 500 million Yahoo user accounts back in 2014. On Wednesday, Yahoo made another disclosure that was even more revealing. Apparently, there was another hacking attempt before this one in 2013 which compromised the data of over 1 billion Yahoo accountholders. Each of these security breaches are considered to be the largest ones that any company has ever experienced on their computer network.
The latest Yahoo disclosure reports that hackers were able to access very sensitive information of these one billion users, including their telephone numbers, birthdates, names, encrypted passwords, and the security questions for their passwords which will allow the hackers to reset them. All the affected users have been notified and the company is forcing these users to change their passwords. At the same time, Yahoo is invalidating all of the unencrypted security questions so that hackers cannot use them to reset the passwords.
Fortunately, there was no financial information was retrieved by the hackers. However, the information that the hackers do have could possibly be used to figure out people’s other passwords on other websites. After all, the security questions that people set for their passwords are usually the same questions you’d find on many other sites. Questions like “What is your mother’s maiden name” or “What is your father’s middle name?” are all too common on most sites. So if a hacker was able to get the answers to those questions, they can try to use them on other websites and change the passwords of those users’ accounts on those sites.
It is unknown right now as to the exact number of active Yahoo users who were affected, since many people create accounts and never use them.