Update: Yahoo! Estimates 3 Billion Accounts Compromised in 2013 Data Breach

Yahoo! revised its estimate of the number of accounts that were impacted as a result of a breach that occurred in August 2013 when an unauthorized third party stole data including names, email addresses, telephone numbers, dates of birth, MD5 hashed passwords, and in some cases, encrypted or unencrypted security questions and answers. In December 2016, Yahoo! announced that one billion accounts were impacted as a result of the 2013 data breach, separate from a data breach that occurred in late 2014 that affected 500 million user accounts. Yahoo!, which was recently acquired by Verizon, updated its estimate after obtaining new information regarding the extent of the August 2013 breach, and announced on October 3, 2017 that all three billion user accounts were impacted. The NJCCIC recommends that Yahoo! users who have not yet changed their passwords or have not implemented two-factor authentication (2FA) on their accounts since the announcements of the previous breaches should do so immediately. Additionally, change passwords and enable 2FA on any accounts or online services associated with Yahoo! user accounts such as banking or social media accounts. Twofactorauth.orgprovides a list of online services that support 2FA.