Posted by News Express | 15 December 2016 | 2,365 times
Yahoo has said more than one billion user accounts may have been affected in a hacking attack dating back to 2013.
The internet giant said it appeared separate from a 2014 breach disclosed in September, when Yahoo revealed 500 million accounts had been accessed.
Yahoo said names, phone numbers, passwords and email addresses were stolen, but not bank and payment data.
The company, which is being taken over by Verizon, said it was working closely with the police and authorities.
Yahoo said in a statement that it “believes an unauthorised third party, in August 2013, stole data associated with more than one billion user accounts.”
The breach “is likely distinct from the incident the company disclosed on September 22, 2016".
However, the three-year-old hack was uncovered as part of continuing investigations by authorities and security experts into the 2014 breach, Yahoo said.
Account users were urged to change their passwords and security questions.
Cybersecurity expert Troy Hunt told the BBC: “This would be far and away the largest data breach we’ve ever seen. In fact, the 500 million they reported a few months ago would have been, and to see that number now double is unprecedented.
“Yahoo hasn’t attributed the attack to any state-sponsored activity as they did with the previous incident. They’ve referred to the tampering of cookies, though, which gives us some useful insight into where the vulnerability may have existed in their system.”
When Yahoo, in September, disclosed the 2014 data breach, it said information had been “stolen by what we believe is a state-sponsored actor”. Yahoo did not say which country it held responsible.
Yahoo has come under pressure to disclose why it took so long for that breach to be made public.
The California-based company has more than a billion monthly active users, although many people have multiple accounts. There are also many accounts that are little used or dormant.
The latest disclosure raises fresh questions about Verizon’s $4.8bn proposed acquisition of Yahoo, and whether the US mobile carrier will try to modify or abandon its bid.
If the hacks cause a user backlash against Yahoo, the company’s services would not be as valuable to Verizon.
In a statement, Verizon said that it would evaluate the situation as Yahoo investigates and would review the “new development before reaching any final conclusions”.
Mr Hunt said that Verizon allegedly devalued Yahoo by $1bn after the news emerged of the 2014 attack.
The latest revelations “will surely impact that valuation even further, not just because of the scale of it, but because it shows a pattern of serious failures on Yahoo’s behalf,” he said.
It is a further embarrassment to a company that was once one of the biggest names of the internet but which has failed to keep up with rising stars such as Google and Facebook.
Yahoo’s valuation hit $125bn during the dot-com boom, but it has been losing ground since then despite several attempts to revive its fortunes. (BBC)