And 1 billion total accounts pretty much means almost everyone got hacked. So you all should better assume you were owned and do everything you can to protect yourselves as quick as possible. This is the biggest security breach on record and makes Sony look like Fort Knox.
Quick brief news:
InDeph Story:
The Official security notice from Yahoo! itself: https://help.yahoo.com/kb/account/SLN27925.html?impressions=true
Important stuff to notice in Yahoo! official security notice:
What information was taken in the August 2013 incident?
For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected.
What information was affected by the cookie forging activity?
Forged cookies could allow an intruder to access users’ accounts without a password. Based on an ongoing Yahoo investigation, we believe an unauthorized third party accessed our proprietary code to learn how to forge cookies. The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. The company is notifying the affected account holders, and has invalidated the forged cookies.
I think I received one or more emails about these issue. How do I know that they're really from Yahoo?
Click here to view the content of our notice to affected users. Please note that the emails from Yahoo about this issue will display the Yahoo Purple Y icon icon when viewed through the Yahoo website or Yahoo Mail app. Importantly, the emails do not ask you to click on any links or contain attachments and does not request your personal information. If an email you received about these issues prompts you to click on any links, download an attachment, or asks you for information, the email was not sent by Yahoo and may be an attempt to steal your personal information. Avoid clicking on links or downloading attachments from such suspicious emails.
What is Yahoo doing to protect my account?
- We have taken action to protect our users, including:
- We are requiring potentially affected users to change their passwords.
- We invalidated unencrypted security questions and answers so that they cannot be used to access an account.
- We invalidated the forged cookies and hardened our systems to secure them against similar attacks.
- We continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts.
Is there anything I can do to protect myself?
- We encourage all of our users to follow these security recommendations:
- Change your password and security questions and answers for any other accounts on which you use the same or similar information used for your Yahoo Account.
- Review all of your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.
- Additionally, please consider using Yahoo’s Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.
“Simple minds have always confused great honesty with great rudeness.” - Sherlock Holmes, Elementary (2013).
"Did you guys expected some actual rational fact-based reasoning? ...you should already know I'm all about BS and fraudulence." - FunFan, VGchartz (2016)