Yahoo Confirms Breach of Over 1 Billion Accounts Linked to State-Sponsored Actors
Severity: High (Score: 77.9)
Sources: Digitaljournal, techcrunch.com, www.theguardian.com, www.wired.com
Keywords: yahoo, accounts, breach, billion, user, hack, data
Severity indicators: breach
Summary
Yahoo has disclosed a massive data breach affecting more than one billion user accounts, which occurred in August 2013. This breach is separate from a previously reported incident in 2014 that compromised 500 million accounts. The company believes state-sponsored actors are involved, utilizing sophisticated methods to forge cookies that allowed unauthorized access without passwords. Affected data may include names, email addresses, phone numbers, dates of birth, and hashed passwords. Yahoo is notifying all impacted users and mandating password changes. The breach raises concerns about the company's security practices and could impact Verizon's acquisition deal. Forensic experts are still investigating the intrusion, the specifics of which remain unidentified.

Key Points:
- Yahoo's breach affects over 1 billion accounts, making it the largest in history.
- The attack involved state-sponsored actors using forged cookies for unauthorized access.
- Yahoo is mandating password changes for all affected users and has invalidated compromised cookies.
Detailed Analysis
**Impact** More than 1 billion Yahoo user accounts were compromised in a breach dating back to August 2013, doubling the size of a previously disclosed 2014 breach affecting 500 million accounts. Affected data includes names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5), and in some cases, encrypted or unencrypted security questions and answers. Payment card and bank account information were not stored in the affected systems. The breach impacts users globally, including those of Yahoo’s services such as Flickr and some ISPs using Yahoo email, with potential consequences for Verizon’s $4.83 billion acquisition of Yahoo.

**Technical Details** Attackers exploited a vulnerability allowing them to forge authentication cookies, enabling access to user accounts without passwords. The breach involved unauthorized access to Yahoo’s proprietary code, which was used to create these forged cookies that bypass server authentication. The specific intrusion vector and malware/tools used remain unidentified. The stolen password hashes used MD5, a weak algorithm vulnerable to offline cracking. Law enforcement alerted Yahoo to the breach, and forensic experts assisted in the investigation.

**Recommended Response** Affected users should be forced to reset passwords and security questions immediately, with notifications issued to all potentially impacted accounts. Organizations should invalidate all existing authentication cookies and implement hardened cookie validation mechanisms. Monitoring for unusual authentication patterns and unauthorized access attempts is advised. No specific CVEs or malware signatures were disclosed, so defenders should focus on detecting forged cookie usage and anomalous account activity.
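One way to detect forged cookie usage and enforce a global cookie invalidation, shown as an added example that is not code from Yahoo or from the source articles. It assumes the server records every session it issues at login; the log format, field names, function names and cutoff date are hypothetical, and the sample events are constructed.

```python
from datetime import datetime, timezone

# Constructed sample events (not real logs). "issue" = the login flow minted a
# session id; "use" = a request presented that session id in its cookie.
SAMPLE_EVENTS = [
    "2024-03-01T08:00:00Z issue user=dave sid=d4d4",
    "2024-03-10T09:00:00Z issue user=alice sid=a1f3",
    "2024-03-10T09:05:00Z use user=alice sid=a1f3",
    "2024-03-10T09:07:00Z use user=bob sid=ffff",    # no login ever issued ffff
    "2024-03-10T09:08:00Z use user=carol sid=a1f3",  # a1f3 belongs to alice
    "2024-03-10T09:10:00Z use user=dave sid=d4d4",   # issued before the cutoff
]

# Assumed incident-response cutoff: every session issued earlier is invalid.
CUTOFF = datetime(2024, 3, 5, tzinfo=timezone.utc)


def parse(line):
    """Split 'timestamp kind key=value ...' into (datetime, kind, fields)."""
    ts, kind, *pairs = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, kind, dict(p.split("=", 1) for p in pairs)


def find_suspect_uses(lines, invalidated_before):
    """Return (user, sid, reason) for every cookie use the server cannot vouch for."""
    issued = {}  # sid -> (user, issue time), built only from login-flow events
    findings = []
    for when, kind, f in sorted(map(parse, lines), key=lambda e: e[0]):
        if kind == "issue":
            issued[f["sid"]] = (f["user"], when)
            continue
        record = issued.get(f["sid"])
        if record is None:
            reason = "never_issued"                # cookie minted outside login
        elif record[0] != f["user"]:
            reason = "user_mismatch"               # session replayed for another account
        elif record[1] < invalidated_before:
            reason = "issued_before_invalidation"  # should have been revoked
        else:
            continue
        findings.append((f["user"], f["sid"], reason))
    return findings


if __name__ == "__main__":
    for finding in find_suspect_uses(SAMPLE_EVENTS, CUTOFF):
        print(finding)
```

Because the check relies on server-side issuance state rather than on the cookie's own contents, a cookie that is well-formed but was never minted by the login flow is still flagged.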
Source articles (4)
- Yahoo: 'State-sponsored' actors behind biggest data breach ever — Digitaljournal · 2026-06-03
  Yahoo announced the attack today. It said that forensic experts found cybercriminals stole data associated with “more than one billion” user accounts in August 2013. The company confirmed the breach…
- Yahoo Hack Security Of One Billion Accounts Breached — www.theguardian.com · 2026-06-03
  The latest incident to emerge – which happened in 2013 – is probably distinct from the breach of 500m user accounts in 2014. Yahoo said on Wednesday it had discovered another major cyber attack, saying…
- Yahoo Discloses Hack Of 1 Billion Accounts — techcrunch.com · 2026-06-03
  The company disclosed today that it has discovered a breach of more than one billion user accounts that occurred in August 2013. The breach is believed to be separate and distinct from the theft of da…
- Yahoo Hack Billion Users — www.wired.com · 2026-06-03
Timeline
- 2013-08-01 — Data breach occurred: Unauthorized access to over one billion user accounts took place, linked to state-sponsored actors.
- 2016-09-01 — Previous breach disclosed: Yahoo reported a separate breach affecting 500 million accounts, leading to increased scrutiny.
- 2026-06-03 — Yahoo announces new breach: Yahoo confirmed the breach of over one billion accounts, stating it is distinct from the 2014 breach.
- 2026-06-03 — User notifications begin: Yahoo starts notifying affected users and mandates password changes to enhance security.
Related entities
- Data Breach (Attack Type)
- Yahoo (Platform)
- Tumblr (Platform)
- CWE-200 - Exposure of Sensitive Information (CWE)
- CWE-287 - Improper Authentication (CWE)
- today.it (Domain)
- T1078 - Valid Accounts (MITRE ATT&CK)
- T1539 - Steal Web Session Cookie (MITRE ATT&CK)
- Flickr (Company)