Yahoo Inc. announced on December 14th that hackers stole the personal information of more than one billion users, which is in addition to the 500 million accounts compromised that was announced in September.
In its announcement, Yahoo said that an investigation found that hackers stole names, email addresses, telephone numbers, dates of birth, hashed passwords, encrypted and unencrypted security questions and answers from users’ email accounts. No financial information was compromised.
Nonetheless, as we have commented before, many individuals use the same security questions and answers across websites and platforms, so the hackers are able to use the same passwords to get into users’ other online accounts. This stresses the importance of using different passwords, passphrases or combinations of passwords and passphrases to protect information in other websites or platforms.
The earlier data breach that Yahoo experienced in September landed Yahoo in court with several proposed class action complaints.
Yahoo will be notifying impacted users if they have been affected, and will be forcing those individuals to change their passwords. Yahoo users may wish to change their passphrases now, before the notification and to take a look at changing any other passwords or passphrases that may have used the same password or security answers as a Yahoo account.