Stuart Breckenridge

Yahoo's 2013 Data Breach Expanded to 2015 and 2016

The timing and frequency of Yahoo’s announcements in relation to their myriad data breaches makes it extremely difficult to follow just what’s going on. I’ve tried to summarise the history below.

Date Details Links
December 2016 Yahoo announce data breach of over one billion accounts. These accounts were compromised in August 2013. Link
September 2016 Yahoo announce data breach of 500 million accounts. These accounts were compromised in 2014. Link
August 2016 It was revealed that details of 200 million Yahoo accounts were being sold online. These accounts were compromised in 2012. Link

Today, in relation to the December 2016 announcement, the Associated Press is reporting:

Yahoo is warning users of potentially malicious activity on their accounts between 2015 and 2016, the latest development in the internet company’s investigation of a mega-breach that exposed 1 billion users’ data several years ago.

Yahoo confirmed Wednesday that it was notifying users that their accounts had potentially been compromised but declined to say how many people were affected.

There have been data breaches each and every year from 2012 through 2016, affecting over 1.7 billion accounts. In December of last year I wrote:

While Yahoo are taking steps to invalidate forged cookies, invalidate unencrypted security questions, and forcing users to change their passwords, I am of the opinion that having an account with them is somewhat of a liability. As such, I’ve taken the decision to terminate my account and have it deleted. If you wish to do the same, simply log in to Yahoo and then visit edit.yahoo.com/config/delete_user and follow the instructions.

I’d just go straight ahead and delete your account.


Supported by