Another breach at Yahoo has been confirmed by the company and it affects over a billion people. An “unauthorized third party” entered Yahoo’s system in August 2013 and gained access to names, emails, and hashed passwords. This is a distinct breach from the one that was reported in September, which impacted over 500 million accounts.
The passwords weren’t particularly secure either. They were protected using MD5, meaning it’s quite possible they were cracked a long time ago.
Yahoo recommends users change their passwords and security info on any accounts that used similar details to their Yahoo account.
More information about the incident was shared in a post from CISO Bob Lord.