Yahoo has disclosed that all 3 billion Yahoo accounts were compromised in 2013, rather than the 1 billion previously reported.
The once powerful search engine, which was breached in 2013, only reported the impact on its security failure in 2016. Now under the ultimate ownership of Verizon Communications, the company believes that anyone with a yahoo email address, Flikr credentials or other account details for a Yahoo service pre-dating 2013 was put at risk.
Fresh evidence of the scale of the breach was unearthed by Oath, Verizon’s subsidiary which recently merged Yahoo and AOL into a media battalion it hopes can help combat the ever consolidated global power of Google, and bigger second-tier competitors Bing and Baidu.
Compromised user data includes names, email addresses, telephone numbers, dates of birth, and in some cases passwords or private security questions/answers. Financial data, such as card or bank information, held on separate systems, were not affected.
Users are strongly advised to change passwords, including those of accounts on other platforms which may use similar credentials.
Although Yahoo took decisive action to secure the breached accounts – forcing all users to changes their passwords, Yahoo’s very late disclosure of the data breach itself was widely condemned by the technology community, and was ultimately responsible for it’s $350m discounted valuation upon acquisition by Verizon. The Guardian reports that Yahoo itself is also currently facing 43 class action lawsuits over the security failing.
Under new UK General Data Protection Regulation (GDPR) rules, set to come into force next year, all UK companies (or those dealing with personal data from the EEA) must notify users within 72 hours of being made aware of a data breach – with strict penalties expected to be levied against breached companies which fail their statutory data protection duties.
For cybersecurity assistance and IT Support, please contact Lineal today.