Yahoo has disclosed a new data breach affecting more than 1 billion user accounts. According to the company, this data breach – which is different than and unrelated to the one disclosed this past September – involved an unknown third party stealing user account data in August 2013. The stolen data includes names, email addresses, birth dates, phone numbers, MD5 hashed passwords and both encrypted and unencrypted security Q&As.
Yahoo detailed the news yesterday evening in a Tumblr post. According to that statement, Yahoo was made aware of a possible data breach via an alert from law enforcement. A company investigation into the matter revealed the August 2013 data theft, though the company states it hasn’t figured out how the intrusion took place.
Affected Yahoo users are being notified of the data theft. The company has invalidated unencrypted security questions and answers, and is requiring users to reset their account passwords. The company further advises its users to monitor their accounts for suspicious activity and messages, and to avoid providing personal info or clicking links/downloads within suspicious emails. This security breach, of course, potentially affects users across all Yahoo properties that require a Yahoo account for access, including Flickr.