Yahoo confirmed last night that no less than 1 billion accounts were accessed by a third party in 2013, so a long time ago. Although a few months ago Yahoo confirmed that the data of 500 million accounts were accessed by hackers, here we are now talking about a separate hack, which allowed access to the data of 1 billion users.
Those at Yahoo would not have known about this hack until last month, when the American authorities provided data from a third party that claimed to have stolen Yahoo accounts. Then those from Yahoo initiated the investigation with the help of forensic experts and discovered that 1 billion accounts were accessed, and data was taken from some of them.
Yahoo claims that so far it has discovered that hackers have taken email addresses, phone numbers, information on dates of birth, encrypted passwords and security questions. In some cases these security questions have been encrypted, while in other cases they have not been encrypted, so they can be used by hackers at any time.
Yahoo – 1 billion accounts hacked
The most interesting part of this disclosure lies in the fact that Yahoo did not discover how the hackers obtained access to its systems where they were saved. In this idea, Yahoo has little way to protect itself against a similar attack that hackers could initiate against the company to retrieve other user data.
"Separately, we previously disclosed that our outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users' accounts without a password. Based on the ongoing investigation, we believe an unauthorized third party accessed our proprietary code to learn how to forge cookies. The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies. We have connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016."
The icing on the cake comes only now, as Yahoo has confirmed that some hackers forged cookies to access certain users' accounts without using any passwords. Basically, Yahoo does not have the ability to protect its users' accounts, they are exposed even if they have a strong password, because hackers can access the accounts even without them.
We are talking about probably the biggest hack in the history of the Internet, and those at Yahoo will feel the effects through a massive decrease in the number of people using their services.
