2013 Yahoo breach larger than originally thought


Another week, another information breach. Or, in this case, some new information about Yahoo’s 2013 security breach. On October 3rd, Yahoo released a memo stating that their 2013 breach, previously believed to have affected “at least 500 million” accounts, actually affected every single one of its 3 billion accounts. Essentially, if you had a Yahoo account in 2013, your account was compromised. Yahoo says that the stolen passwords were protected using the MD5 algorithm, a hash function that was considered insecure even at that time. As a result, it’s likely that the hackers were able to crack the stolen password hashes and recover the passwords.

Following the breach in 2013, Yahoo’s top lawyer resigned, and then-CEO Marissa Mayer lost her 2016 bonus. Yahoo was acquired by Verizon Communications four months ago. Verizon’s offer dropped by $350 million after it was announced that 500 million accounts were compromised. The terms of the deal required Verizon and Yahoo to share equally the legal costs from the data breach, so it is likely that Verizon will also take a hit from all of this.

It may be four years too late, but if you have a Yahoo account, including Flickr, go change your password.