Yahoo has revealed one billion users had data stolen in a 2013 cyber attack.
The tech giant, currently the subject of a takeover by telecoms firm Verizon, said personal information including names, email addresses and security questions was accessed by a “third-party”.
However, the company said no financial information is at risk as it is not stored in the affected system.
Here’s what you need to know about this incredible cyber attack.
The firm says it was contacted by authorities in November with a large number of data files that hackers had claimed were Yahoo user data.
Yahoo said it has now concluded that the files contain personal information stolen from its system.
It said: “Based on further analysis of this data by the forensic experts, we believe an unauthorised third party, in August 2013, stole data associated with more than one billion user accounts.”
It also said it believes the attack is separate to the one it reported in September, which affected around 500 million users and is said to have occurred in 2014.
But the incident could have been carried out by the same “state-sponsored actor”.
The attack was said to have been carried out through the creation of forged “cookies” – pieces of data stored in a user’s browser from websites they visit.
They are used so a website doesn’t need a log-in with each visit. The attackers’ forged cookies enabled them to gain access without passwords; the creation of those cookies is likely to be related to the theft of Yahoo’s proprietary code.
The figure stated by Yahoo suggests its entire user base – around one billion – has been affected, which, according to a comScore report from October this year, includes more than 32 million people in the UK.
Yahoo is yet to disclose a country breakdown of how many accounts have been affected. However, the company has a range of services, including email, Tumblr, Flickr and Yahoo Finance, all of which are believed to be at risk.
The overall figure may not be as high as one billion though, as many people have multiple or dormant accounts.
All are being encouraged to change their passwords and security questions, and to also do so “for any other accounts on which you used the same or similar information used for your Yahoo account”.
Yahoo added: “We are notifying potentially affected users and have taken steps to secure their accounts, including requiring users to change their passwords.
“We have also invalidated unencrypted security questions and answers so that they cannot be used to access an account.”
The company has warned users to be cautious of unsolicited communications that ask for personal information and to avoid clicking links in emails that appear suspicious.