Yahoo has discovered a three-year-old security breach that enabled a hacker to compromise more than 1 billion user accounts, breaking the company’s own humiliating record for the biggest security breach in history.
The digital heist disclosed on Wednesday occurred in August 2013, more than a year before a separate hack that Yahoo announced nearly three months ago. That breach affected at least 500 million users, which had been the most far-reaching hack until the latest revelation.
“It’s shocking,” security expert Avivah Litan of Gartner Inc said.
Both lapses occurred during the reign of Yahoo CEO Marissa Mayer, a once-lauded leader who found herself unable to turn around the company in the four years since her arrival. Earlier this year, Yahoo agreed to sell its digital operations to Verizon Communications for US$4.8 billion — a deal that may now be imperiled by the hacking revelations.
Yahoo did not say if it believes the same hacker might have pulled off two separate attacks. The Sunnyvale, California, company blamed the late 2014 attack on a hacker affiliated with an unidentified foreign government, but said it has not been able to identify the source behind the 2013 intrusion.
Yahoo has more than 1 billion monthly active users, although some have multiple accounts and others have none at all. An unknown number of accounts were affected by both hacks.
In both attacks, the stolen information included names, e-mail addresses, phone numbers, birthdates, and security questions and answers. The company says it believes bank-account information and payment-card data were not affected.
However, hackers also apparently stole passwords in both attacks. Technically, those passwords should be secure; Yahoo said they were scrambled twice — once by encryption and once by another technique called hashing. However, hackers have become adept at cracking secured passwords by assembling huge dictionaries of similarly scrambled phrases and matching them against stolen password databases.
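The dictionary matching described above, and the storage scheme that blunts it, as an added example that is not from Yahoo or the original article. The sample users, phrases, SHA-256 and PBKDF2 are assumptions chosen for illustration; the article does not say which algorithms Yahoo used.

```python
import hashlib
import hmac
import os

# Constructed sample data: candidate phrases and two users sharing one password.
COMMON_PHRASES = ["123456", "password", "letmein", "sunshine", "qwerty"]
USERS = {"alice": "sunshine", "bob": "sunshine", "carol": "T7#vq!mZ-unlisted"}

def fast_hash(password: str) -> str:
    """Unsalted single-pass digest: the same password always gives the same value."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_dictionary(phrases):
    """Hash every candidate once; the table is reusable against any unsalted dump."""
    return {fast_hash(p): p for p in phrases}

def match_unsalted(dump, table):
    """Return the users whose stored digest appears in the precomputed table."""
    return {user: table[d] for user, d in dump.items() if d in table}

def salted_record(password: str, iterations: int = 100_000):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived

def verify(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, derived = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, derived)

def demo():
    table = build_dictionary(COMMON_PHRASES)
    unsalted_dump = {u: fast_hash(p) for u, p in USERS.items()}
    salted_dump = {u: salted_record(p) for u, p in USERS.items()}
    recovered = match_unsalted(unsalted_dump, table)
    # The precomputed table finds nothing in the salted records.
    salted_hits = [u for u, rec in salted_dump.items() if rec[2].hex() in table]
    # Identical passwords no longer produce identical stored values.
    same_value = salted_dump["alice"][2] == salted_dump["bob"][2]
    return recovered, salted_hits, same_value

if __name__ == "__main__":
    print(demo())
```

With a per-user salt, a dictionary has to be rebuilt for every account, and the iteration count makes each guess expensive; a password that is on no list (carol's here) is not matched in either scheme.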
That could mean trouble for any users who reused their Yahoo password for other online accounts. Yahoo is requiring users to change their passwords and invalidating security questions so they cannot be used to hack into accounts. (You may get a reprieve if you have changed your password and questions since September.)
Security experts said the 2013 attack was likely the work of a foreign government fishing for information about specific people. One big tell: It does not appear that much personal data from Yahoo accounts has been posted for sale online, meaning the hack probably was not the work of ordinary criminals.
That means most Yahoo users probably don’t have anything to worry about, Rook Security CEO J.J. Thompson said.
News of the additional hack further jeopardizes Yahoo’s plans to fall into Verizon’s arms. If the hacks cause a user backlash against Yahoo, the company’s services would not be as valuable to Verizon, raising the possibility that the sale price might be renegotiated or the deal may be called off. The telecom giant wants Yahoo and its many users to help it build a digital ad business.
After the news of the first hack broke, Verizon said it would re-evaluate its Yahoo deal and in a Wednesday statement said it would review the “new development before reaching any final conclusions.”
Spokesman Bob Varettoni declined to answer further questions.
At the very least, the security lapses “definitely will help Verizon in its negotiations to lower the price,” Litan predicted. Yahoo has argued that news of the 2014 hack did not negatively affect traffic to its services, strengthening its contention that the Verizon deal should be completed under the original terms.
“This just adds to fuel to the fire and it won’t help Yahoo’s cause,” said Eric Jackson, a longtime critic of the company’s management.
Although he has in the past, Jackson does not currently own Yahoo stock.