Just a couple of months after Yahoo! admitted personal data for 500 million Yahoo! users was stolen in 2014, the company has now revealed that data for a billion users went astray in 2013.
Yahoo! user’s names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers was stolen. Thankfully banking data for users was stored in a different database.
Yahoo! don’t really know how the security breach occurred but say it was a separate incident to the 2014 incident. Data which was claimed to be Yahoo!’s turned out to be genuine and they believe it was stolen in August 2013.
Yahoo! strongly suggest that you change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account, although of course you may well have already done this three months ago in which case you should be fairly safe.
It appears we now live in a world where user names and passwords will routinely be stolen en masse and there’s little we can do about it. Using different credential for each site we log into and crossing our fingers is about the best we can hope for. Plus of course never clicking on links or download attachments from suspicious emails and treating any online request for personal data with the same suspicion you would if someone knocked on your front door and demanded you confirm your date of birth, mothers maiden name and your bank card PIN.