Yahoo is quickly becoming the poster-child for poor cybersecurity. The company has posted a notice admitting to suffering yet another data breach that has compromised one billion accounts. To make things worse, this appears to be completely unrelated to the breach that exposed 500 million accounts.
Investigators say that the breach took place in August 2013, with the hackers making off with “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.” Which is just about everything that a hacker really wants, aside from credit card payment information.
Adding to the problems is a third incident where Yahoo says that hackers managed to steal proprietary code for making cookies. This has allowed them to create forged cookies that have affected an undisclosed number of users. Yahoo has shut down the forged credentials, and informed the affected users.
At this point there probably isn’t anything left to steal from Yahoo, which is extremely bad news for those who have been maintaining an account with the former internet giant.
It is also bad news for Yahoo’s board of directors, who have been trying to sell the company. Potential buyers have been backing off over the news of the last breach, and these latest incidents are only going to make the company less attractive.