Not a fake: The email from Yahoo

“Update on data theft”

At the moment, Yahoo users are receiving an email with the subject: “Important security information for Yahoo users.” After it became known that Yahoo was affected by a massive data theft, users are now receiving emails from the company asking them to change their password.

These emails are REAL!

In mid-December 2016, we wrote a report on the topic after it became known that the company was again having problems with data theft: Once again massive data theft at Yahoo! known . As a result, Yahoo took steps to protect its users by disabling unencrypted security questions and answers and fake cookies. They also advise those affected to change their passwords by sending emails with all important information. For more information, see Yahoo Security Notice .

The email as text:

Subject: Important Security Information for Yahoo Users

From: Yahoo ( [email protected] ) Dear Yahoo User,
This letter is intended to update you regarding the data security issue that Yahoo announced in December 2016.
Yahoo has already taken the appropriate measures described below in 2016 to protect your account. What happened?
On December 14, 2016, Yahoo announced that, based on analysis of data sets submitted to the company by a law enforcement agency, an unauthorized third party stole data associated with certain user accounts in August 2013.
Yahoo informed all potentially affected users at this time. We recently received further information about this and, following an appropriate analysis with the support of external security experts, determined that data from your user account was probably also affected. Which data was affected?
The stolen user account data may have included names, email addresses, phone numbers, dates of birth, hashed (with MD5) passwords, and in some cases encrypted or unencrypted security questions and answers.
Not all of these data elements may have been present in your account. The ongoing investigation shows that plain text passwords and payment card or bank account data were not affected by the theft. Payment card and bank account data is not stored on the suspected compromised system. What we do
In connection with the announcement in December 2016, Yahoo took measures to protect users who, like your case, were not considered potentially affected at the time.
Specifically: · Yahoo asked potentially affected users to change their passwords.
· Yahoo also asked all other users to do so if they had not changed their password since the theft.
· Yahoo has disabled non-encrypted security questions and answers.
These can no longer be used to access accounts. We are working closely with law enforcement on this matter and continue to improve our systems to detect and prevent unauthorized access to user accounts.
What you can do
Yahoo has already taken steps to protect your account.
However, we also recommend that you take the following security precautions: · Change your password and security questions and answers for any other accounts where you use the same or similar information as your Yahoo account.
· Check your accounts for suspicious activity.
· Be wary of unsolicited messages requesting your personal information or linking to websites requesting your personal information.
· Do not click on links or download attachments of suspicious emails.
In addition, we recommend you to use Yahoo Account Key.
This simple authentication tool completely eliminates the need for passwords. Learn more
For more information about this topic and our security tools, see the 2013 Yahoo Accounts security issue FAQ page at https://help.yahoo.com/kb/index?locale=de_DE&page=content&y=PROD_ACCT&id=SLN28451&actp=productlink .
We value the trust of our users, whose safety remains our top priority.
Kind regards,
Chris Nims
Chief Information Security Officer