Technology / Yahoo: One billion user accounts compromised in new data breach

Yahoo: One billion user accounts compromised in new data breach

More than a billion Yahoo user accounts may be compromised in one of the biggest data breaches on record, the firm has admitted.

The company reported a breach affecting 500 million accounts earlier this year, but it says the new incident is "likely distinct" from the previous one.

The latest breach, which happened in August 2013, could include users' names, email addresses, phone numbers, dates of birth and hashed passwords.

In some cases, it also includes "encrypted or unencrypted security questions and answers", Yahoo admitted in an email sent to customers it believes are affected.

"Law enforcement provided Yahoo in November 2016 with data files that a third party claimed was a Yahoo user data," it said. "We analysed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data.

"Based on further analysis of this data by the forensic experts, we believe an unauthorised third party, in August 2013, stole the data associated with a broader set of user accounts...

"We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22nd 2016."

Cyber security experts said the breach should serve as yet another wake-up call for companies that are not yet doing enough to protect their customers’ information.

“For the second time this year, Yahoo is under the spotlight and this mega breach serves as yet another reminder that more needs to be done to protect customers’ data,” said Nick Brown, group managing director at GBG. “Whilst Yahoo has announced financial information was not leaked, this data breach is by no means of less significant concern.

“Card details can be replaced, but the other, more personal information, such as your name, email address, date of birth and where you live can easily be pieced together by criminals, who browse, haggle and sell personal details on the Dark Web and use it for identity theft.”

The breach also raises more questions over Yahoo’s $4.8 billion (£3.8 billion) sale to Verizon. The technology giant reportedly demanded a $1 billion (£798 million) discount following the 500 million-account data breach that came to light earlier this year.

“The news of an earlier major hack to one billion Yahoo accounts increases the pressure on both Verizon’s board to negotiate a lower price and on Yahoo’s board to finalise a sale,” said John Colley, a professor of practice at Warwick Business School.

“As for Yahoo, if this deal fails then they are damaged goods and others may no longer be queuing up to buy. If that should be the case then, like the unwanted Twitter, they will have no option but to savagely cut costs.

“Yahoo CEO Marissa Mayer needs to cut a good deal as her reputation is under pressure following the less than prompt announcement of the two major hacks. This news is not good for either Verizon or Yahoo.”

Photo © Rodrigo Laoletti (CC BY 2.0). Cropped.



Get our latest features in your inbox

Join our community of business leaders