There have been several data breaches at Yahoo over the years. Here are some of the major ones:
- 2013 breach: This breach is believed to have occurred in 2013 but was not disclosed until 2016. It affected all 3 billion Yahoo user accounts and involved stolen information such as names, email addresses, birth dates, phone numbers, and security questions and answers.
- 2014 breach: In September 2016, Yahoo announced that it had suffered a separate data breach in 2014 that had affected at least 500 million user accounts. The stolen information included names, email addresses, telephone numbers, birth dates, and hashed passwords.
- 2016 breach: In December 2016, Yahoo revealed that it had discovered yet another data breach that had occurred in August 2013, affecting over 1 billion user accounts. The stolen information included names, email addresses, telephone numbers, dates of birth, hashed passwords, and security questions and answers.
It’s worth noting that Yahoo is now owned by Verizon, and the breaches occurred before the acquisition.
The 2013 Yahoo Breach
The 2013 Yahoo data breach is considered to be one of the largest data breaches in history. The breach occurred in August 2013 but was not discovered or disclosed until September 2016. It is estimated that all 3 billion Yahoo user accounts were affected by this breach.
The stolen information from the breach included names, email addresses, birth dates, phone numbers, and encrypted or unencrypted security questions and answers. The hackers behind the breach were also able to obtain encrypted passwords, but Yahoo claimed that they were salted, which means that they were protected by an additional layer of security.
Yahoo has stated that the breach was likely carried out by “state-sponsored” hackers, though it has not identified which country was responsible. In 2017, the US government charged four people, including two officers of the Russian Federal Security Service, in connection with the breach.
The 2013 Yahoo data breach was a major blow to the company, which at the time was one of the largest email providers in the world.
The 2014 Yahoo Breach
The 2014 Yahoo data breach was a separate incident from the 2013 breach and was announced by the company in September 2016. The breach affected at least 500 million user accounts and is believed to have occurred in late 2014.
The stolen information included names, email addresses, telephone numbers, birth dates, and hashed passwords. Yahoo stated that the hashed passwords were protected by an additional layer of security, but did not confirm whether or not they were salted.
The company believed that the breach was carried out by a “state-sponsored” actor, but did not identify which country was responsible. In 2017, the US government charged two Russian intelligence agents and two other individuals in connection with the breach.
The 2014 Yahoo data breach was another significant blow to the company, which was already dealing with the fallout from the 2013 breach.
The 2016 Yahoo Breach
The 2016 Yahoo data breach was another significant breach that affected the company’s users. Yahoo announced the breach in December 2016, stating that it had discovered the incident while investigating a separate issue.
The breach occurred in August 2013 and affected over 1 billion user accounts, making it one of the largest data breaches in history. The stolen information included names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers.
Yahoo stated that the hashed passwords were protected by an additional layer of security, but did not confirm whether or not they were salted. The company also claimed that it believed the breach was carried out by a “state-sponsored” actor, but did not identify which country was responsible.
The 2016 Yahoo data breach further eroded user trust in the company and led to criticism of its handling of the previous breaches. It also played a role in the reduction of the sale price of Yahoo’s core internet business to Verizon.