Yahoo reports user data leakage and recommends changing passwords
This morning, an email came from Yahoo with important safety information for users. The letter reported that confirmed the leakage of user data.
Among the data leaked to the network can be: user names, email addresses, phone numbers, dates of birth, password hashes (MD5), as well as in some cases, encrypted or unencrypted secret questions and answers. There are no passwords in the open form among the data. Also among the data there is no information on bank cards and accounts, it is believed that the systems storing these data were not affected.
Yahoo recommends that its users:
')
It is also recommended to switch to using the Yahoo Account Key to stop using passwords on the Yahoo system.
In November 2016, the data was analyzed and it was confirmed that the data belong to Yahoo users. Further study of the data revealed that the leak occurred in August 2013 and covers a large number of accounts. The invasion associated with this incident was not detected, and it is alleged that it is not related to the incident disclosed on September 22, 2016 .
Yahoo has already done the following work:
Among the data leaked to the network can be: user names, email addresses, phone numbers, dates of birth, password hashes (MD5), as well as in some cases, encrypted or unencrypted secret questions and answers. There are no passwords in the open form among the data. Also among the data there is no information on bank cards and accounts, it is believed that the systems storing these data were not affected.
Yahoo recommends that its users:
')
- Change passwords, secret questions and answers to them for all accounts that use similar data;
- Check all your accounts for suspicious activity;
It is also recommended to switch to using the Yahoo Account Key to stop using passwords on the Yahoo system.
Few details from the letter
In November 2016, the data was analyzed and it was confirmed that the data belong to Yahoo users. Further study of the data revealed that the leak occurred in August 2013 and covers a large number of accounts. The invasion associated with this incident was not detected, and it is alleged that it is not related to the incident disclosed on September 22, 2016 .
Yahoo has already done the following work:
- We recommended that users whose accounts may have been affected change their passwords.
- Unencrypted secret questions and answers were canceled.
- Continue to improve security.
Actually the text of the letter itself (in English):
Topic: Important Security Information for Yahoo Users
NOTICE OF DATA BREACH
Dear User,
This is your account. We have taken steps to secure your account and are working closely with law enforcement.
What Happened?
Law enforcement provided Yahoo user data. It was a Yahoo user data. We’ve given you a list of user accounts, including yours. This has been associated with this. We announced on September 22, 2016.
What Information Was Involved?
You can have passwords (using MD5), in some cases, encrypted or unencrypted security questions and answers. May not have been available for your account. It does not include passwords in clear text, payment card data, or bank account information. We believe was affected.
What we are doing
We are taking action to protect our users:
Their passwords.
We can’t be used to access an account.
And prevent unauthorized access to user accounts.
What you can do
We encourage you to follow these security recommendations:
If you’re using your account?
Review all accounts for suspicious activity.
If you are looking for personal information, please contact us.
Avoid clicking on links or downloading attachments from suspicious emails.
Additionally, please consider using the Yahoo!
For More Information
Please visit the Yahoo Security Issues FAQs page available at yahoo.com/security-update .
We strengthen your defenses.
Sincerely
Bob lord
Chief Information Security Officer
Yahoo
NOTICE OF DATA BREACH
Dear User,
This is your account. We have taken steps to secure your account and are working closely with law enforcement.
What Happened?
Law enforcement provided Yahoo user data. It was a Yahoo user data. We’ve given you a list of user accounts, including yours. This has been associated with this. We announced on September 22, 2016.
What Information Was Involved?
You can have passwords (using MD5), in some cases, encrypted or unencrypted security questions and answers. May not have been available for your account. It does not include passwords in clear text, payment card data, or bank account information. We believe was affected.
What we are doing
We are taking action to protect our users:
Their passwords.
We can’t be used to access an account.
And prevent unauthorized access to user accounts.
What you can do
We encourage you to follow these security recommendations:
If you’re using your account?
Review all accounts for suspicious activity.
If you are looking for personal information, please contact us.
Avoid clicking on links or downloading attachments from suspicious emails.
Additionally, please consider using the Yahoo!
For More Information
Please visit the Yahoo Security Issues FAQs page available at yahoo.com/security-update .
We strengthen your defenses.
Sincerely
Bob lord
Chief Information Security Officer
Yahoo
Source: https://habr.com/ru/post/372977/
All Articles