Internet giant Yahoo only uncovered the 2013 theft of data from more than a billion of its user accounts – one of the biggest breaches yet seen – when it was investigating a separate hacking incident this year.

And an online security expert has told The National that unless such intrusions are taken seriously at company board level, they will continue as part of a “new reality” for business.

Lewis Henderson, a director of computer security group Glasswall Solutions, said it was not a phase.

“Although we can’t speak with finality before knowing the exact attack vehicle that the hackers used to access Yahoo’s private data, the event itself darkens an already dire tone regarding the data security of major organisations,” he said.

“Yahoo has become the next target in a long line of high-profile data breaches, which should be the source of great concern for anyone who still believes this is all ‘just a phase’.

“These data breaches are not a fad – they are part of the new reality, and unless they are taken seriously at the board level they will continue.”

Details of the latest Yahoo hack were revealed by the company’s chief information security officer Bob Lord, who said it appeared to be separate from a 2014 breach it disclosed in September, which compromised 500 million accounts.

“As we previously disclosed, law enforcement provided us with data files that a third party claimed was Yahoo user data,” said Lord.

“We analysed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data.

“Based on further analysis by the forensic experts, we believe an unauthorised third party, in August 2013, stole data associated with more than one billion user accounts.”

Lord added: “For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.

“The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information.”

Lord said users of Yahoo, which is being taken over by Verizon, were being urged to change their passwords and security questions.

Henderson added: “Organisations, both large and small, are now finding themselves on the back foot all too often, while criminals become more numerous, sophisticated and audacious.

“The Yahoo hack affected as many as one billion users, and it will affect billions more until organisations re-evaluate their current protocols and policy.

“Current cyber-security approaches are too focused on finding and stopping the ‘known bad’, but at the speed at which these criminals are innovating, organisations risk being one step behind if they continue to only focus on the known common threats.”