Yahoo on Wednesday revealed that Net bandits stole data associated with 1 billion of its user accounts -- one of the largest data breaches in Internet history.
The theft, which occurred in August 2013, is distinct from the theft disclosed earlier this fall, in which 500 million accounts were compromised, Yahoo CISO Bob Lord explained.
Stolen information may include names, email addresses, telephone numbers, dates of birth, hashed passwords using MD5 encryption -- and in some cases, encrypted or unencrypted security questions and answers, according to Lord.
An unauthorized third party accessed the code Yahoo uses to create cookies, he noted. Access to that code allowed attackers to compromise accounts with forged cookies.
In response to this latest discovery, Yahoo is taking steps to secure the accounts of affected users and invalidate forged cookies, said Lord, as well as to harden its systems against similar attacks.
More Data Nicked
This latest breach at Yahoo appears worse than the previous one not only because is it bigger, but also because more-sensitive information was stolen.
"More information was released than just usernames and passwords," explained Rami Essaid CEO of Distil Networks.
"The bad guys are getting a more holistic look at these users," he told TechNewsWorld.