In the summer of 2013, Yahoo Inc. launched a project to better secure the passwords of its customers, abandoning the use of a discredited technology for encrypting data known as MD5.
It was too late. In August of that year, hackers got hold of more than a billion Yahoo accounts, stealing the poorly encrypted passwords and other information in the biggest data breach on record. Yahoo only recently uncovered the hack and disclosed it last week.
The timing of the attack might seem like bad luck, but the weakness of MD5 had been known by hackers and security experts for more than a decade. MD5 can be cracked more easily than other "hashing" algorithms, which are mathematical functions that convert data into seemingly random character strings.
With your current subscription plan you can comment on stories. However, before writing your first comment, please create a display name in the Profile section of your subscriber account page.