Another major data breach could torpedo Yahoo’s acquisition by Verizon
Yahoo has admitted that it suffered a massive data breach back in 2013 that saw more than a billion user accounts hacked, making it the biggest breach in history.
The company confirmed that it believes the hack took place in August 2013, when an unauthorised third party swiped data linked to a mass number of accounts, though thus far the company has no information on the identity of the hacker or hackers.
Biggest breach in history
Yahoo discovered the hack when it was investigating the 2014 data breach that came to light this year which saw the data of 500 million accounts compromised.
This hack, however, is significantly worse given its size and the type of data stolen, though users financial information is not at risk according to Yahoo.
“For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information,” the company said in a statement revealing the data breach.
Yahoo was already licking its wounds after the 2014 data breach started to get in the way of its acquisition by Verizon, and time will tell if this new breach disclosure will torpedo the takeover deal.
The reveal of the data breach has come under fire from experts in the security industry, putting Yahoo under fire from more than just the US government.
“There have been a number of cases this year of retrospective notifications of breaches that are of little help to customers affected by them. This underlines the need for regulation. It’s to be hoped that GDPR (General Data Protection Regulation), which comes into force in May 2018, will motivate firms to, firstly, take action to secure the customer data they hold, and secondly, to notify the ICO of breaches in a timely manner,” said David Emm, principal security researcher at Kaspersky Lab.
Tyler Moffitt, senior threat research analyst at cyber security company Webroot, lambased Yahoo for the fact it took a third party investigation to surface the 2013 hack.
“This is disgraceful as Yahoo would have remained unaware. The fact that Yahoo has taken steps to secure user accounts is of little comfort. These accounts have been compromised for years and the sheer number of them means they have already been a large source of identity theft. No one should have faith in Yahoo at this point and this breach might very well affect the $4.8 billion Verizon deal,” he said.
The breach poses a problem for users of Yahoo’s services who will need to go through the process of changing passwords and working out how much at risk they are from the data breach.