Largest data breach ever: Turns out 3B Yahoo accounts were compromised
Verizon Communications Inc. has disclosed that the hack of Yahoo in August 2013 did not involve the compromise of 1 billion accounts as reported in December. Instead, it was all 3 billion Yahoo accounts, making it the largest data breach in history.
The data stolen in the hack included the “names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said at the time.
“Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft,” Oath, the Verizon division that runs Yahoo and AOL said in a statement. “While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts.”
The disclosure of this hack, which followed the disclosure of an earlier hack that involved 500 million users, caused Verizon to hesitate in acquiring Yahoo earlier this year. The deal did end up going ahead, with Verizon managing to obtain a $250 million to $350 million discount on its initial acquisition price.
The new disclosure won’t have any effect on the now-complete acquisition. Indeed, Jan Dawson, an analyst at Jackdaw Capital, told Bloomberg that most users have moved on. “Certainly this makes the hack look worse than Verizon and the rest of us thought, but I don’t know that that materially changes the valuation of Yahoo as a company or the ongoing cost of dealing with the hack,” he said.
Looking on whatever bright side there may be, Jeremiah Grossman, chief of security strategy at Sentinel One Inc., told SiliconANGLE that “there will no doubt continue to be megabreaches, but in terms of personal records hacked, we’re unlikely to see anything larger anytime soon. And the reason is unfortunate. There really isn’t any bigger target to go after.”
Grossman added that the real problem with hacks like Yahoo’s is that people generally use the same password on multiple sites. “As a matter of convenience, millions of people tend to use the same password across multiple accounts, which leaves them even more vulnerable when a breach of this scale occurs.”
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.