Yahoo on Tuesday said that every single Yahoo account was affected by a data breach that took place in 2013.
In 2016, Yahoo disclosed that more than one billion of about three billion accounts had likely been affected by the hack. In its disclosure Tuesday, the company said all accounts were likely victimized.
Yahoo included the finding in a recent update to its Account Security Update page, saying that it found out about the wider breach through new intelligence obtained during the company’s integration into Verizon Communications. Outside forensic experts assisted in the discovery, the company said.
“It is important to note that, in connection with Yahoo’s December 2016 announcement of the August 2013 theft, Yahoo took action to protect all accounts. The company required all users who had not changed their passwords since the time of the theft to do so. Yahoo also invalidated unencrypted security questions and answers so they cannot be used to access an account,” Yahoo said Tuesday.
Yahoo said it will begin alerting accounts that weren’t previously notified of the attack.
In 2013, a breach allowed attackers to steal email addresses, passwords, birth dates, telephone numbers and more. The new investigation indicated that stolen information didn’t include passwords in clear text, payment card data or information about bank accounts.
Verizon finished its acquisition of Yahoo in June and is folding it, with AOL, under a new subsidiary named Oath.
“To those still feeling left out by either company after this spate of bad news, I have only one thing to say (although I feel a bit like a broken record in repeating this): Assume you’re compromised, and take steps accordingly.”
“I have only to point to reasoning by Christina Tetreault, a staff attorney on the financial services team of Consumers Union — the policy arm of Consumer Reports. Tetreault notes that perhaps the main reason a security freeze is the better option is that its promise to guard your credit accounts is guaranteed by law, whereas a credit lock is simply an agreement between you and the credit monitoring company.”
“Having a contractual agreement is not as strong as having protections under law,” Tetreault said. “The contract may be unclear, may include provisions that allow the other party to change it, or include provisions that you may be better off not agreeing to, such as an arbitration agreement.”
“What’s more, placing a freeze on your file is exactly what Equifax and the other bureaus do not want you to do, because it prevents them from making money by selling your credit file to banks and others (including ID thieves) who wish to grant new lines of credit in your name. If that’s not the best reason for opting for a freeze, I don’t know what is.”
“If anyone needs more convincing on this front, check out the testimony given in other committees today by representatives from banking behemoth Wells Fargo, which is under fire signing up tens of thousands of auto loan customers for insurance they did not need and in some cases couldn’t afford. That scandal comes on the heels of another debacle in which Wells Fargo was found to have created more than 3.5 million bank accounts without consumers’ permission between 2009 and 2016.”
https://krebsonsecurity.com/2017/10/fear-not-you-too-are-a-cybercrime-victim/
Go to the link below to freeze your Equifax account
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
https://www.democraticunderground.com/10023282538 ….. Are you familiar with Equifax and Serco and what they do for our government? … http://www.abeldanger.org/faceborg-wants-all-your-personal-data-including-proof-of-identity-youve-been-equifaxed/
Can you believe this?
http://money.cnn.com/2017/10/03/news/india/equifax-irs-contract/index.html
unfortunately Mark….I can
I use Yahoo. But only for posting comments on places like this, never for anything personal. Yahoo emails are considered to be throw away accounts.
🙂