NEW YORK (AP) — Yahoo says it believes hackers stole data from more than one billion user accounts in August 2013, in what is thought to be the largest data breach at an email provider.
The Sunnyvale, California, company was also home to what’s now most likely the second largest hack in history, one that exposed 500 million Yahoo accounts . The company disclosed that breach in September. Yahoo said it hasn’t identified the intrusion associated with this theft.
Yahoo says the information stolen may include names, email addresses, phone numbers, birthdates and security questions and answers. The company says it believes bank-account information and payment-card data were not affected.
But the company said hackers may have also stolen passwords from the affected accounts. Technically, those passwords should be secure; Yahoo said they were scrambled twice — once by encryption and once by another technique called hashing. But hackers have become adept at cracking secured passwords by assembling huge dictionaries of similarly scrambled phrases and matching them against stolen password databases.
Yahoo said Wednesday that it is requiring users to change their passwords and invalidating security questions so they can’t be used to hack into accounts.