The Largest Hack Ever? Yahoo Admits 2013 Data Breach Impacted All 3 Billion Accounts

Is it too late for Verizon to get some more of its money back?

After the entity responsible for selling Yahoo agreed to cut $350 million off the company’s sales price earlier this year following revelations that hackers had stolen sensitive  account information of as many as 1.5 billion user accounts during two separate data breaches, the Wall Street Journal is now reporting that the scale of one of those intrusions was much larger than initially believed.

A 2013 data breach that was initially believed to have impacted 1 billion, actually impacted all of Yahoo's 3 billion user accounts, Verizon announced on Tuesday. Verizon’s acquisition of Yahoo formally closed in June after contentious negotiations that were complicated by the discovery of the hacks. The smaller of the two incidents, which took place in 2014, was first disclosed to the public last September. It reportedly involved 500 million user accounts. Three months later, in December, the company publicized the 2013 hack.

The stolen data included names, email addresses, dates of birth, telephone numbers and encrypted passwords, Yahoo has said. In October, before the second breach was even disclosed, Verizon signaled that it would likely consider the data breach to be a “material event”, allowing it to change the terms of its deal to buy Yahoo, which it did in February.

As WSJ pointed out, the disclosure shows that executives are still coming to grips with Yahoo's myriad security problems.

Even before the number of affected user accounts was revised higher to 3 billion, the breach was still the largest on record by number affected. However, most experts consider the Equifax breach, which involved sensitive financial and personal information like credit card, social security and drivers’ license numbers, more damaging than the Yahoo breach.

A spokesman for Oath, the new name of Verizon’s Yahoo unit, said the company determined last week that the break-in was much worse than thought, after it received new information from outside the company. He declined to elaborate on the source of that information. Compromised customer information included usernames, passwords, and in some cases telephone numbers and dates of birth, the spokesman said.

Fortunately for Yahoo executives, as part of the revised deal, Verizon agreed to forfeit the right to sue Yahoo for allegedly covering up the hacks. Meanwhile, the entity selling Yahoo has retained liability for an SEC investigation that was launched in January, as well as any shareholder lawsuits related to the deal itself.


AurorusBorealus Tue, 10/03/2017 - 23:09 Permalink

Class-action lawsuit.  Put all of these internet data-gathering companies out of business.  That is the only solution, since national governments and regulators are unable and unwilling to restrain the power of these internet panopticon companies.

Yen Cross Tue, 10/03/2017 - 23:09 Permalink

 I think ebay has been breached, and is hiding it. Additionally, I think all three of the major CRA's have been breached.  A little birdie at LexisNexis told me.

GodSpeed_00 Wed, 10/04/2017 - 02:22 Permalink

Yahoo is a shit website filled with liberal propaganda. Everything from gender bending nonsense, Trump bashing, anti-masculine articles and other faggotry. And I gurantee any day of the week you go to their homepage and scroll down the news you will find something "Kardashian" related. Couldn't take it anymore, that's how I ended up here.

buzzsaw99 Wed, 10/04/2017 - 05:48 Permalink

3 billion accounts, yeah right.  that sounds suspiciously like facebook math.  anyone who would give yahoo any information about themselves obviously isn't too worried.

Bai Suzhen Wed, 10/04/2017 - 07:13 Permalink

I think all this security business could be fixed if more companies would hire women and negroes to sort out all this tech stuff.  With Marissa gone, are Lex "It's Unix...I know this..." Murphy and Morgan Freeman available to be CEO and CIO?

Last of the Mi… Wed, 10/04/2017 - 07:35 Permalink

Who the fuck has a Yahoo account. I closed mine 20 years ago. Well the truth is you can't really close it, you have to just sort of abandon it, hence their 3 billion math number.