Yahoo (NASDAQ:YHOO) has broken its own embarrassing record for the biggest security breach in history. Now, the company is saying that a 3-year-old security breach enabled a hacker to compromise more than 1 billion user accounts.
Nearly three months ago. Yahoo announced a separate hack which took place in 2014 that affected at least 500 million users. The company blamed that attack on a hacker affiliated with an unidentified foreign government.
The hacked information included names, email addresses, phone numbers, birthdates, passwords, and security questions and answers. The company believes bank-account information and payment-card data were not affected.
It is not known if the same hacker is responsible for the two separate attacks. It hasn’t been able to identify the source behind the 2013 intrusion. Yahoo currently has more than a billion monthly active users. An unknown number of accounts were affected by both hacks.
Yahoo is requiring users to change their passwords and invalidating the associated security questions. Users should also consider enabling two-step authentication on their Yahoo accounts to provide extra security. Any users who reused their Yahoo password for other online accounts should change those passwords as well.
Emails sent by Yahoo to affected users won’t ask users to click on links, won’t contain attachments and won’t request users’ personal information. The company said, “If an email you receive about these issues prompts you to click on a link, download an attachment, or asks you for information, the email was not sent by Yahoo and may be an attempt to steal your personal information. Avoid clicking on links or downloading attachments from such suspicious emails.”
Earlier this year, Yahoo agreed to sell its digital operations to Verizon Communications for $4.8 billion. The latest revelations may have put that deal in jeopardy. If the company’s services aren’t as valuable to Verizon, the sale price might be re-negotiated or the deal may be called off.
Verizon said it would re-evaluate its Yahoo deal after the news of the first hack broke. Yahoo said at the time that the Verizon deal should be completed under the original terms, arguing that news of the 2014 hack didn’t negatively affect traffic to its services. The new revelations won’t help Yahoo’s cause.