« Return to News

Information about the most recent Yahoo! email hack

Posted On: December 16, 2016

Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInPin on PinterestEmail this to someone

A newly revealed Yahoo data breach, which occurred in 2013, involved personal information associated with more than one billion user accounts, twice those affected in a different incursion disclosed in September.


The stolen user-account information may have included names, email addresses, telephone numbers, birthdates, hashed passwords, and, in some cases, encrypted or unencrypted security questions and answers. The investigation, according to Yahoo, so far indicates the stolen information did not include passwords in clear text, payment card data, or financial account information.


The Sunnyvale, Calif.-based search company, which is being acquired by Verizon for about $4.8 billion, said an unauthorized third party stole the data and that it was working closely with law enforcement.


Yahoo said it believed the latest incident was likely distinct from the breach disclosed in September, when it revealed personal information associated with at least 500 million user accounts, including names, passwords, birthdates, and email addresses, was stolen in 2014. In a statement in September, Yahoo said the compromised information was taken by an unnamed state-sponsored actor.


The Yahoo data breaches, and other incidents involving the release of personally identifiable information, has broader implications for financial institutions and other businesses.


“Yahoo should know that it is an invaluable target for cybercrime syndicates and nation-states and invest the resources to protect its data accordingly,” Kenneth Geers, senior research scientist at Clifton, N.J.-based cybersecurity firm Comodo Enterprise, said. “We shouldn’t forget that an insider, a rival corporation, or even a nation-state might operate purely out of selfish financial considerations,” Geers added.


Scott Fulton, technical fellow at Phoenix-based security company BeyondTrust, also commented. “Now more than ever companies need to protect themselves when other companies are compromised. We all know users reuse passwords and we can almost guarantee that the answers to user’s internal secret questions are the same as their personal secret questions.”

It is recommended that every single Yahoo! user update their passwords IMMEDIATELY. This is to provide a safeguard to help prevent hackers from accessing your information without you knowing.

previous post: Watch out for Phishing Scams!
next post: NCUA Warns of Fake Check Scams

Upcoming Events

  1. Jul 22, 2017

    Newburgh Shred Day

    9AM–1PM, Newburgh (Click here)
  2. Aug 19, 2017

    Rykowski Shred Day

    9AM–1PM, HHFCU Headquarters (Click here)
  3. Sep 23, 2017

    Montgomery Shred Day

    9AM–1PM, Montgomery Branch (Click here)
  4. Oct 7, 2017

    New Paltz Shred Day

    9AM–1PM, New Paltz Main Branch (Click here)