Popular news and mail service provider Yahoo has been hacked again. The company has stated that the 3 years old breach has left 1 billion users vulnerable and is believed to be different from the data compromisation that affected 500 million users back in September.
Bob Lord, Yahoo’s chief has stated that he has no clue about how the 1 billion data’s of users were nicked from them. As per the report, the hacked account information may include various sensitive information including names, date of births, email addresses, phone numbers, and even MD5 hashed passwords(which is kinda scary).
The ridiculous breach was informed by law enforcement and has been further examined by other forensic experts. The examined data, as stated, doesn’t include any credit card information or plain passwords, however, Yahoo users shouldn’t breathe a sigh of relief since the MD5 hash is no longer considered secure and can be easily used to retrieve passwords, online.
The case gets even worse as Yahoo has stated that their proprietary code has also been stolen by the hacker, which has been used to forge cookies and access the user’s account without passwords. As stated the forensic experts have already identified the accounts for which forged cookies were used. Lord further added that a state-sponsored actor was behind this huge attack.
The attack clearly shows the fragile security of Yahoo that invited the theft of data of 500 million users, back in 2014, which was only announced this September. Yahoo has already agreed to fall into Verizon’s arms for nearly $4.83 billion, but the recent security attack has already steered the prediction that Verizon might ask a $1 billion discount on the purchase.