Yahoo, the email provider perhaps one of your parents still uses, announced Wednesday what appears to be an unprecedented security breach that compromised more than 1 billion Yahoo email accounts. The intrusion took place in August 2013 and Yahoo said it believes that hackers were likely able to obtain sensitive information about the accounts.
From the Associated Press:
Yahoo says the information stolen may include names, email addresses, phone numbers, birthdates and security questions and answers. The company says it believes bank-account information and payment-card data were not affected. But the company said hackers may have also stolen passwords from the affected accounts. Technically, those passwords should be secure; Yahoo said they were scrambled twice—once by encryption and once by another technique called hashing. But hackers have become adept at cracking secured passwords by assembling huge dictionaries of similarly scrambled phrases and matching them against stolen password databases. That could mean trouble for any users who reused their Yahoo password for other online accounts.
The public disclosure by Yahoo comes just months after the internet giant announced in September that 500 million of its accounts were hacked in 2014. “Yahoo said it is forcing all of the affected users to change their passwords and it is invalidating unencrypted security questions—steps that it declined to take in September,” the New York Times reports. “The company said Wednesday that it now believes the attacker in that breach, which it says was sponsored by a government, found a way to forge credentials to log in to some users accounts without a password.”