+ Tuesday July 23rd, 2019

After announcing a data breach affecting 500 million users in September, Yahoo has today announced a second breach this time affecting 1 billion accounts.

The breach announced today occurred in August 2013, an earlier hack than the previous hack which occurred in 2014. According to the blog post today, the hack in 2013 ‘may have included’ data such as ‘names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers’.

The breach wasn’t discovered by Yahoo themselves, in fact the company was informed of the breach by law enforcement, with Yahoo unable to determine how the data was stolen. In the blog post, Bob Lord, Yahoo’s Chief Information Security Officer (CSIO) said ‘We have not been able to identify the intrusion associated with this theft’.

The information included passwords hashed using MD5 encryption, though this method of salting passwords has been passed over in recent times as a non-secure method. Yahoo has advised that they will be contacting affected account holders.

If you’re using any of the number of Yahoo services available on the Web or on Google Play it’s time to check into your security. If you aren’t already we highly recommend you stop using that same old password on every site and start looking at using a password manager application such as LastPass, KeyPass or any one of the many available.

Source: Yahoo.

Daniel Tyson  


Dan is a die-hard Android fan. Some might even call him a lunatic. He's been an Android user since Android was a thing, and if there's a phone that's run Android, chances are he owns it (his Nexus collection is second-to-none) or has used it.

Dan's dedication to Ausdroid is without question, and he has represented us at some of the biggest international events in our industry including Google I/O, Mobile World Congress, CES and IFA.

Join the Ausdroid Conversation

1 Comment threads
1 Thread replies
Most reacted comment
Hottest comment thread
2 Comment authors
Dean RosolenPaulW Recent comment authors
newest oldest most voted
Notify of
Paul Warner
Ausdroid Reader

Why do they announce this 3 years after the damage was done?

Dean Rosolen
Ausdroid Reader
Dean Rosolen

Because they were only informed of the breach by law enforcement. If they’d found the breach themselves, they would’ve taken action sooner.

Check Also

Got Optus? Have 12 months free Apple Music because why not?

Optus customers already have access to a number of things as part of their service, …