/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow Us/ciol/media/post_banners/wp-content/uploads/2016/12/yahoo.jpg)
Breaking its own embarrassing record of security breaches, California-based Yahoo has disclosed yet another cyber-security breach of more than one billion user accounts that occurred in 2013. This is the second such discovery since Verizon acquired Yahoo for $4.83 billion.
Three months after announcing the breach of more than 500 million user accounts, Yahoo disclosed the second breach on Wednesday.
"The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo’s chief information security officer Bob Lord wrote in a post announcing the hack.
According to Bloomberg, out of one billion stolen accounts, reportedly more than 150,000 belong to the U.S. government and military employees. And those accounts are currently in the hands of cyber criminals. This report bells national level security!
"The information about the government employees comes from a cyber-security researcher, Andrew Komarov, who discovered a stolen database of Yahoo user information involving hundreds of millions of accounts and turned it over to the government, which in turn alerted Yahoo," Bloomberg notes.
The company is still investigating the 2013 intrusion and is notifying users and urging them to update password details.
The company also disclosed that its proprietary code had been located by a hacker. The code was used to forge cookies to access accounts without a password. “The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies,” Lord said, adding that he believed the attack was launched by a state-sponsored actor.
The latest report is believed to further complicate Yahoo’s deal with Verizon to sell its core internet assets for $4.8 billion. After the first disclosure, Verizon had demanded a discount of 1 billion.
A Verizon spokesperson said, "As we’ve said all along, we will evaluate the situation as Yahoo continues its investigation. We will review the impact of this new development before reaching any final conclusions."
The deal was scheduled to be sealed in the first quarter of 2017.