[technology taskforce] Yahoo data breach in August 2013 affected one billion user accounts

Dev Anand Teelucksingh devtee at gmail.com
Tue Dec 20 16:26:13 UTC 2016


"Law enforcement provided Yahoo in November 2016 with data files that
a third party claimed was Yahoo user data. We analyzed this data with
the assistance of outside forensic experts and found that it appears
to be Yahoo user data.

Based on further analysis of this data by the forensic experts, we
believe an unauthorized third party, in August 2013, stole data
associated with more than one billion user accounts.

....For potentially affected accounts, the stolen user account
information may have included names, email addresses, telephone
numbers, dates of birth, hashed passwords (using MD5) and, in some
cases, encrypted or unencrypted security questions and answers. The
investigation indicates that the stolen information did not include
passwords in clear text, payment card data, or bank account

So, some suggestions if you have a Yahoo account (also used to log onto Flickr)
- change your Yahoo password and change the security questions and
answers associated with the Yahoo account. If you have used the same
password and/or similar security questions and answers for other
online accounts, you should change those also.

- review your Yahoo Mail settings to see if there are any changes you
didn't configure (for example filters for forwarding emails)

- Look to enable additional security features on your Yahoo account
like two factor verification (aka two factor authentication). Two
factor authentication is a method used by many online services to
verify the users' identity using two methods, usually a password and a
security code sent to or generated from your mobile device or other
trusted device.

See https://help.yahoo.com/kb/account on how to do so. Yahoo also
offers a feature called Yahoo Account Key which uses your phone to
authenticate you without a password.

Dev Anand
