Yahoo Data Breach

About

The Yahoo data breach is a series of significant cyber attacks that affected Yahoo's user base, marking it as one of the largest data breaches in history. The most notable incidents occurred in 2013 and 2014. In August 2013, hackers exploited a vulnerability in Yahoo's system, affecting all 3 billion user accounts. This breach remained undetected for three years, allowing hackers to steal personal data, including names, email addresses, and hashed passwords. Hackers also obtained Yahoo's proprietary cookie generation code, enabling them to create fake cookies to access user accounts without passwords. The 2014 breach affected over 500 million user accounts, with hackers stealing similar personal data. Both breaches involved sensitive information like security questions and answers. Yahoo responded by enhancing security measures, invalidating unencrypted security questions, and prompting users to change passwords. The breaches led to significant financial penalties and legal challenges, including a $117.5 million class-action settlement and a $35 million SEC fine. The incidents highlighted the importance of robust cybersecurity practices and timely disclosure of breaches to protect user data and maintain trust.