Yahoo have been hacked, again.
This is old news isn’t it?
You may be forgiven for thinking you’ve heard this one before – but this month Yahoo! announced yet another breach in a year which has seen a sharp rise in leaks, breaches and hacks across several of the major players in internet services.
The company disclosed that it has discovered a breach of more than one billion user accounts that occurred in August 2013.
Yahoo said the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
Yahoo was alerted to the massive breach by law enforcement and has examined the data with the help of outside forensic experts. The data does not appear to include payment details or plaintext passwords, but it’s still bad news for Yahoo account holders. The hashing algorithm MD5 is no longer considered secure and MD5 hashes can easily be looked up online to discover the passwords they hide.
Users “will be notified”
Yahoo says it is notifying the account holders affected in the breach. Affected users will be required to change their passwords. However we recommend regular password changes across all services as a matter of procedure.
Yahoo’s service for recognising whether your account has been hacked is woefully generic and doesn’t instill much confidence – You can see it here
You should use different passwords for your accounts
Hackers obtained more than just names and passwords in the Yahoo breach — they also nabbed answers to security questions. Cybercriminals can use that info to conduct automated attacks called “credential stuffing.”