Verizon Communications has made a big revelation about the Data Theft yahoo reported back in December. In its recent filing with the Securities and Exchange Commission (SEC), Verizon has revealed that all three billion Yahoo accounts which existed at the time of the August 2013 data theft were compromised.
Now a part of Verizon Communications thru its subsidiary, Oath Inc., Yahoo has released additional information about the said cyberattack entitled, “Yahoo 2013 Account Security Update FAQs”. Along with the explanation about the data theft and the discovery of the affected users, Yahoo has released Q&A guides as to what Yahoo users must do in order to protect their accounts.
All 3 billion accounts affected
Back in December, Yahoo disclosed that an unauthorized third party managed to stole data from more than one billion accounts back in August 2013. In response to the data theft and preventing future attacks, Yahoo has posted public notice on its website, has issued a press release and has reached out to possible affected users
“Verizon is committed to the highest standards of accountability and transparency,” Verizon Chief Information Security Officer Chandra McMahon. She added that Verizon has and will remain vigilant in ensuring the safety and security of all their networks from online threats. McMahon stated that Yahoo had taken significant steps to enhance their security.
Yahoo has dedicated a web page solely to answer questions and inquiries about the August 2013 data theft. On the question of whether one’s account is affected or not, Yahoo responded that “based on an analysis of the information with the assistance of outside forensic experts, Yahoo has determined that all accounts that existed at the time of the August 2013 theft were likely affected.”
Currently, Yahoo has been sending emails to all affected users about the update on the data theft.
In addition, the web service provider has also issued a disclaimer stating that the email they will send to the affected users does not contain any link, attachment nor asking for personal information.
What’s breached and what’s not
While Yahoo admitted that all accounts were likely breached, they confirm that the information taken does not include passwords in clear text, payment card data, or bank account information.
Yahoo clarified that the sensitive payment data and bank account data are not stored on the affected system.
The once most popular website in the United States, Yahoo revealed that the stolen information were limited to the name, email address, telephone number/s, date of birth, and hashed passwords (using MD5). The August 2013 data theft may have also breached the encrypted or unencrypted security questions and answers.