Yahoo Announces 1 Billion User Accounts Affected by Data Breach—Yes, Another One

A sequel that is truly bigger but not better.


Back in September, Yahoo revealed that they—and their users—had been the victims of a large-scale data breach of some 500 million users, which occurred way back in 2014. Now, they’re warning users of another security breach from August 2013, which they believe to be a completely separate instance that affected as many as one billion users. If we keep up this pattern, we may eventually uncover a data breach from the time period when people actually used Yahoo.

OK, fine, plenty of people still use Yahoo for some reason, but even dormant accounts can come back to bite you in the event that personal information is stolen. What information was involved in the hack? Yahoo’s release on the subject mentions that “stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected.”

While hashing passwords (algorithmically obscuring them) makes them more difficult for intruders to decipher than, say, just storing the passwords as human-readable text (which would be absurd), the “MD5” algorithm employed by Yahoo isn’t exactly the most secure. It’s been around since 1991 and has had its security greatly diminished in the time since then. In short: Change your password(s) if you use the same one on multiple accounts and/or haven’t changed it since the days when you used Yahoo. Maybe consider changing some of your security questions on sites that use them if you tend to gravitate towards the same questions.
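Why a single fast MD5 pass is a poor way to store passwords, and how a service holding such records can replace them as users log in, shown as an added example (not code from Yahoo or from the original article). It assumes unsalted MD5 records, PBKDF2-HMAC-SHA256 as the replacement, an illustrative iteration count, and hypothetical names (`legacy_md5`, `strong_hash`, `verify`).

```python
from __future__ import annotations
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example

def legacy_md5(password: str) -> str:
    """Legacy record: one fast MD5 pass, no salt (assumed scheme)."""
    return "md5$" + hashlib.md5(password.encode()).hexdigest()

def strong_hash(password: str) -> str:
    """Replacement record: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify(password: str, record: str) -> tuple[bool, str]:
    """Check a login; return (ok, record_to_store).

    A correct login against a legacy MD5 record returns an upgraded record,
    so weak hashes disappear as users sign in.
    """
    scheme, _, rest = record.partition("$")
    if scheme == "md5":
        ok = hmac.compare_digest(legacy_md5(password).encode(), record.encode())
        return ok, (strong_hash(password) if ok else record)
    if scheme == "pbkdf2":
        try:
            iters, salt_hex, dk_hex = rest.split("$")
            salt, want = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
            got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
        except ValueError:
            return False, record  # malformed record: fail closed
        return hmac.compare_digest(got, want), record
    return False, record  # unknown scheme: fail closed

if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    a, b = legacy_md5("password"), legacy_md5("password")
    print("MD5 records identical:", a == b)
    ok, upgraded = verify("password", a)
    print("login ok:", ok, "| stored as:", upgraded.split("$")[0])
    print("upgraded records differ:", upgraded != strong_hash("password"))
```

Identical passwords produce identical MD5 records, so one precomputed table covers every account that shares a password; the salted, slow record removes both shortcuts.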

Otherwise, there’s not a whole lot to be done but hope, and maybe enable two-factor authentication—especially on your main email address, which should already use a different password from all your other Internet-based accounts, at the very least. If you were affected, you should have received an email from Yahoo on the matter (like I did, despite not recalling ever having a Yahoo account, which immediately caused me to feel like Obi-Wan not remembering R2 in A New Hope). Yahoo also advises that you check any important accounts for suspicious activity. However, if Yahoo probably doesn’t have your current email address but you’ve ever used Yahoo, you might want to take precautions anyway.

Stay safe out there, and remember to take all possible measures to take your web security seriously, because you’re probably the only one who does.

(via Yahoo, image via Yahoo)

Dan Van Winkle (he) is an editor and manager who has been working in digital media since 2013, first at now-defunct Geekosystem (RIP), and then at The Mary Sue starting in 2014, specializing in gaming, science, and technology. Outside of his professional experience, he has been active in video game modding and development as a hobby for many years. He lives in North Carolina with Lisa Brown (his wife) and Liz Lemon (their dog), both of whom are the best, and you will regret challenging him at Smash Bros.