Yahoo announced that hackers stole data from over one billion accounts in 2013. According to the company, the data may have included names, email IDs, phone numbers, hashed passwords, and "encrypted or unencrypted security questions and answers."
This attack is separate from the one Yahoo disclosed back in September, in which the company believed a "state-sponsored actor" compromised its servers to access user data from over 500 million accounts. However, it looks like the same hackers were able to make away with more data this time around.
From the official announcement on Tumblr:
Yahoo also said that the hackers were able to forge the company's authentication "cookies," allowing them access to user accounts without the need for a password:
If you have a Yahoo account, it's time you changed your password. Create a strong password, and ensure the password you use on the service isn't reused anywhere else. You should also enable two-factor authentication for your Yahoo account.
Be an expert in 5 minutes
Get the latest news from Android Central, your trusted companion in the world of Android
Harish Jonnalagadda is a Senior Editor overseeing Asia at Android Central. He leads the site's coverage of Chinese phone brands, contributing to reviews, features, and buying guides. He also writes about storage servers, audio products, and the semiconductor industry. Contact him on Twitter at @chunkynerd.