In September it was revealed that Yahoo was the target of a 2014 attack to the tune of 500 million accounts. It looks like Yahoo has a definite glass jaw as it has been revealed that an attacking going back to August 2013 exposed some one billion users’ personal information.
The second attack was announced yesterday by Yahoo CISO Bob Lord and states that “law enforcement provided us with data files that a third party claimed was Yahoo user data.” While the company hasn’t been able to identity what entity did the breach, it does believe it’s a separate attack from the one in 2014 possibly by the same group or person.
This attack has the same trademark as the one announced in September: information such as personal contact information, hashed passwords, and in other cases security answers were targeted. As was the case in the first attack, Yahoo said that clear passwords, card information, and bank information weren’t included.
Even if you already changed your password information from when the 2014 attack was announced, it’s suggested that you update your passwords and security information again. Yahoo says that it is taking the same steps from before in notifying users who may have been affected and will ask that they change their passwords and security questions since they already tossed those questions out for users.