Yahoo revealed another serious data breach late Wednesday that resulted in more than 1 billion user account credentials being stolen.
The seemingly ever-embattled company announced that a security breach in 2013 enabled hackers to collect account information on a huge amount of Yahoo users. This is a separate security breach from a previously announced hack in 2014 that resulted in the thievery of half a billion accounts.
Although no financial information was stolen, both data breaches resulted in hackers stealing the names, email addresses, telephone numbers, and security questions of Yahoo users.
A precise breakdown of who has been affected is currently unavailable, but the latest security breach is believed to have affected a wide range of Yahoo’s services, including email, Tumblr and Flickr accounts.
In both cases, it took Yahoo years to alert its users that their confidential account information was stolen. The difference between the two hacking cases lies in the manner that the cybercriminals were able to hack into Yahoo’s database.
In 2014, an advanced spear-phishing scam allowed hackers to access the company’s server. The 2013 hack was not a result of phishing, but instead a theft of the company’s proprietary code. Hackers were able to forge cookies to log in to Yahoo accounts without a password.
It is advisable for Yahoo users to immediately change all of their online passwords, and it is also important for those affected to update their security questions and answers. This is especially important if Yahoo customers used the same responses for alternative online logins, such as a banking account.
Cybercriminals often use previous data hacks as a source of information to conduct future hacking attempts. For example, a phishing email may contain information gleaned from previous hacks as a method to strengthen its forgery.
The newly unveiled security breach might also spell problems for Yahoo’s planned acquisition by Verizon.
Verizon announced plans to acquire Yahoo’s digital media business, including Yahoo Mail and other assets, over the summer for $4.8 billion. In October it was reported that Verizon was asking for a discount off its original acquisition price after a class-action lawsuit was filed accusing Yahoo of security negligence after the successful 2014 hack was revealed.
At the time, Yahoo was also facing a backlash for revelations that it had also granted the United States government unhindered access to its email database.
If Verizon does still decide to move forward with the Yahoo acquisition after this most recent hacking news, it will likely be discounted from the original price of $4.8 billion.
Verizon has stated that it is currently reviewing this latest Yahoo security breach.