Internet giant Yahoo has admitted that around one billion accounts were likely compromised in a 2013 data breach.
You may be thinking that you've read this story before. Yahoo confirmed a few months ago that around half a billion accounts were hacked in 2014, but it looks – astonishingly – as if that's an entirely separate incident to this new one.
Yahoo has blamed an unauthorised party” for the attack, that it alleges was state-sponsored”. It centred on the theft of cookie data. The incident was only discovered last month.
For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers,” the company said.
The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected.”
Yahoo is supposed to be in the middle of a $4.8bn acquisition by Verizon, although that number is likely tumbling by the minute.