Yahoo is having the worst year ever. The company has written to its e-mail customer that their accounts might be compromised, in a different hack from the one that it reported in September. This breach, according to the company, likely took place in August 2013, predating the previous disclosed breach that apparently happened in 2014. The currently breach has compromised the data of over 1 billion user accounts, twice the number of the 2014 breach which stood at 500 million, according to various reports. According to Yahoo, law enforcement provided it with hacked data files that were claimed to be Yahoo user data in November, which it has now confirmed. It mentions that hackers created forged cookies, using Yahoo’s proprietary code, that would allow them access to accounts without a password. Compromised data includes names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases encrypted and unencrypted(!!) security questions and answers. According to the company, the data did not include plain text passwords, payment card data or bank account information. It’s not clear if email themselves were compromised, as this could lead to hackers having access to financial information not necessarily saved with Yahoo. Note that the scale of this attack is the largest yet, breaking the company’s own previous record of compromising 500 million user accounts. However, the breach is not quite revelatory as say the Office of Personnel Management (US) hack, which compromised the data of 32 million current and former federal employees, including…
