SUBSCRIBE
SUBSCRIBE
EXPLORE +
  • About infoDOCKET
  • Academic Libraries on LJ
  • Research on LJ
  • News on LJ
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Libraries
    • Academic Libraries
    • Government Libraries
    • National Libraries
    • Public Libraries
  • Companies (Publishers/Vendors)
    • EBSCO
    • Elsevier
    • Ex Libris
    • Frontiers
    • Gale
    • PLOS
    • Scholastic
  • New Resources
    • Dashboards
    • Data Files
    • Digital Collections
    • Digital Preservation
    • Interactive Tools
    • Maps
    • Other
    • Podcasts
    • Productivity
  • New Research
    • Conference Presentations
    • Journal Articles
    • Lecture
    • New Issue
    • Reports
  • Topics
    • Archives & Special Collections
    • Associations & Organizations
    • Awards
    • Funding
    • Interviews
    • Jobs
    • Management & Leadership
    • News
    • Patrons & Users
    • Preservation
    • Profiles
    • Publishing
    • Roundup
    • Scholarly Communications
      • Open Access

December 14, 2016 by Gary Price

Data Theft: Hackers Stole Data From MORE THAN ONE BILLION Yahoo User Accounts

December 14, 2016 by Gary Price

As noted in the Yahoo statement below the incident discussed is “LIKELY DISTINCT” from another breach the company first disclosed about three months ago.
Full Text of Yahoo Statement:

Yahoo! has identified data security issues concerning certain Yahoo user accounts. Yahoo has taken steps to secure user accounts and is working closely with law enforcement.
As Yahoo previously disclosed in November, law enforcement provided the company with data files that a third party claimed was Yahoo user data. The company analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data.
[Our emphasis] Based on further analysis of this data by the forensic experts, Yahoo believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. The company has not been able to identify the intrusion associated with this theft. Yahoo believes this incident is likely distinct from the incident the company disclosed on September 22, 2016.
For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.
The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected.
Yahoo is notifying potentially affected users and has taken steps to secure their accounts, including requiring users to change their passwords. Yahoo has also invalidated unencrypted security questions and answers so that they cannot be used to access an account.
Separately, Yahoo previously disclosed that its outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password. Based on the ongoing investigation, the company believes an unauthorized third party accessed the company’s proprietary code to learn how to forge cookies. The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. Yahoo is notifying the affected account holders, and has invalidated the forged cookies. The company has connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016.
Yahoo encourages users to review all of their online accounts for suspicious activity and to change their passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account. The company further recommends that users avoid clicking links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information. Additionally, Yahoo recommends using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.

See Also: Verizon on Yahoo Data Breach: We Will Evaluate Situation (via CNBC)

Filed under: Data Files, News, Patrons and Users

SHARE:

About Gary Price

Gary Price (gprice@mediasourceinc.com) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. Before launching INFOdocket, Price and Shirl Kennedy were the founders and senior editors at ResourceShelf and DocuTicker for 10 years. From 2006-2009 he was Director of Online Information Services at Ask.com, and is currently a contributing editor at Search Engine Land.

ADVERTISEMENT

Archives

Job Zone

ADVERTISEMENT

Recent Articles on LJ

There Are No Lanes: Rural Libraries Do It ALL | Backtalk

Dartmouth Repatriates Samson Occom Papers to Mohegan Tribe

Tour de France: A Watching, Reading, and Listening Guide | Your Home Librarian

From the Top: Library Leaders Talk EDI | Equity

After the MLIS

ADVERTISEMENT

Related Infodocket Posts

Julie Mosbo Ballestro Appointed University Librarian at Texas A&M University

Full Text of a Texas A&M University Libraries Announcement: We are pleased to announce the appointment of Julie Mosbo Ballestro as University Librarian and Assistant Provost of University Libraries at ...

New Report From EBLIDA: "First European Overview on E-Lending in Public Libraries"

From an EBLIDA (European Bureau of Library, Information and Documentation Associations) Post: EBLIDA is laying the foundation for “sustainable copyright” in public libraries through the publication of the “First European ...

New Video Recording From Rare Book School: "Making and Reading Indigenous Archives"

The Rare Book School (U. of Virginia) video embedded below (a National Endowment for the Humanities-Global Book Histories Initiative Lecture by Kelly Wisecup) was recorded on June 15, 2022. From ...

New Funding: Digital Public Library of America (DPLA) Awarded $850,000 by Mellon Foundation to Support the Advancement of...

From a DPLA Announcement: Digital Public Library of America (DPLA) is pleased to announce an $850,000 grant from the Mellon Foundation to support its effort to advance racial justice in ...

Roundup (June 27, 2022)

Coherent Digital Launches South Asia Archive on the Coherent Commons Platform The Longest-Running Queer News Radio Show Is Headed to the Library of Congress (via NPR) University of Cambridge Now ...

Report: "The Important Role Libraries Play in Building a Creative and Innovative Society"

From ArchDaily: As gateways to knowledge and culture, libraries play a fundamental role in society. Foundational in creating opportunities for learning, as well as supporting literacy and education, the resources ...

Not Real News: An Associated Press Roundup of Untrue Stories Shared Widely on Social Media This Week

From the Associated Press: A roundup of some of the most popular but completely untrue stories and visuals of the week. None of these are legit, even though they were ...

Statement: American Library Association (ALA) Condemns Threats of Violence in Libraries

Full Text of ALA Statement (6/24): In response to the alarming increase in acts of aggression toward library workers and patrons as reported by press across the country, the American ...

Roundup (June 24, 2022)

FCC and IMLS Sign Agreement to Promote Broadband Access Library Impact Research Report: Impact of Archival Collections and Services on the Western University Department of History (via ARL) More Than ...

Report: "Vatican Releases Thousands of Holocaust-Era Letters and Requests Online"

From the Associated Press (via Times of Israel): Pope Francis orders the online publication of 170 volumes of its Jewish files from the recently opened Pope Pius XII archives, the ...

The New York Public Library Opens a ‘Virtual Branch’ on Instagram and Launches a Reading Recommendation Project Using...

From NYPL: The virtual branch— a custom designed interactive AR (Augmented Reality) Effect accessible via Instagram Reels is the centerpiece of #NYPLSummerBookshelf, a new initiative to spark a love of ...

Roundup (June 23, 2022)

CLIR Invites Proposals for Pocket Burgundy Series (via Council on Library and Information Resources) Oregon’s State Library added to National Register of Historic Places (via Oregon Capital Chronicle)

ADVERTISEMENT

FOLLOW INFODOCKET ON TWITTER

Tweets by @infodocket

ADVERTISEMENT

This coverage is free for all visitors. Your support makes this possible.

This coverage is free for all visitors. Your support makes this possible.

Primary Sidebar

  • News
  • Reviews+
  • Technology
  • Programs+
  • Design
  • Leadership
  • People
  • COVID-19
  • Advocacy
  • Opinion
  • INFOdocket
  • Job Zone

Reviews+

  • Booklists
  • Prepub Alert
  • Book Pulse
  • Media
  • Readers' Advisory
  • Self-Published Books
  • Review Submissions
  • Review for LJ

Awards

  • Library of the Year
  • Librarian of the Year
  • Movers & Shakers 2022
  • Paralibrarian of the Year
  • Best Small Library
  • Marketer of the Year
  • All Awards Guidelines
  • Community Impact Prize

Resources

  • LJ Index/Star Libraries
  • Research
  • White Papers / Case Studies

Events & PD

  • Online Courses
  • In-Person Events
  • Virtual Events
  • Webcasts
  • About Us
  • Contact Us
  • Advertise
  • Subscribe
  • Media Inquiries
  • Newsletter Sign Up
  • Submit Features/News
  • Data Privacy
  • Terms of Use
  • Terms of Sale
  • FAQs
  • Careers at MSI


© 2022 Library Journal. All rights reserved.


© 2022 Library Journal. All rights reserved.