Yahoo is revealing another set of data breach dating back to August 2013. Yahoo has announced a new discovery of data breach which exposed names, emails and hashed passwords of over a billion users. Yahoo says the new breach does not involve any payment details and it is distinct from the data breach announced in September.
In a blog post, Yahoo CISO Bob Lord notes the data breach was conducted by an unauthorised third party. The passwords involved with the data breach were hashed using MD5 algorithm. The post also mentions that Yahoo's proprietary code to learn 'how to forge cookies' were accessed by an unauthorised third party leading to this data breach. Yahoo says the data breach method used here is similar to state-sponsored attack disclosed in September.
Since the September announcement, Yahoo has lost its credibility as a secure platform for hosting services. The company's value diminished overtime with Verizon snapping the company for a mere $4.83 billion. That deal is still pending and this new announcement could bring new hesitation in Verizon boards.
Yahoo once had a valuation of $100 billion in the middle of the 'dot com' bubble. Yahoo says it is ensuring safety of its users by protecting their accounts and invalidating unencrypted security questions.