Yahoo on Wednesday revealed that Net bandits stole data associated with 1 billion of its user accounts - one of the largest data breaches in Internet history.
The theft, which occurred in August 2013, is distinct from the theft disclosed this fall, in which 500 million accounts were compromised, Yahoo CISO Bob Lord explained.
Stolen information may include names, email addresses, telephone numbers, dates of birth, hashed passwords using MD5 encryption - and in some cases, encrypted or unencrypted security questions and answers, according to Lord.
An unauthorized third party accessed the code Yahoo uses to create cookies, he noted. Access to that code allowed attackers to compromise accounts with forged cookies.
In response to this latest discovery, Yahoo is taking steps to secure the accounts of affected users and invalidate forged cookies, said Lord, as well as to harden its systems against similar attacks.
