DAWN.COM Logo

Today's Paper | April 19, 2024

Yahoo suffers world's biggest hack affecting 1bn users

AP Published December 15, 2016

Yahoo has discovered a 3-year-old security breach that enabled a hacker to compromise more than 1 billion user accounts, breaking the company's own humiliating record for the biggest security breach in history.

The digital heist disclosed Wednesday occurred in August 2013, more than a year before a separate hack that Yahoo announced nearly three months ago. That breach affected at least 500 million users, which had been the most far-reaching hack until the latest revelation.

“It's shocking,” security expert Avivah Litan of Gartner Inc said.

Both lapses occurred during the reign of Yahoo CEO Marissa Mayer, a once-lauded leader who found herself unable to turn around the company in the four years since her arrival.

Earlier this year, Yahoo agreed to sell its digital operations to Verizon Communications for $4.8 billion, a deal that may now be imperiled by the hacking revelations.

Two hacks, more than a billion accounts

Yahoo didn't say if it believes the same hacker might have pulled off two separate attacks. The Sunnyvale, California, company blamed the late 2014 attack on a hacker affiliated with an unidentified foreign government, but said it hasn't been able to identify the source behind the 2013 intrusion.

Yahoo has more than a billion monthly active users, although some have multiple accounts and others have none at all. An unknown number of accounts were affected by both hacks.

In both attacks, the stolen information included names, email addresses, phone numbers, birthdates and security questions and answers. The company says it believes bank-account information and payment-card data were not affected.

But hackers also apparently stole passwords in both attacks. Technically, those passwords should be secure; Yahoo said they were scrambled twice -- once by encryption and once by another technique called hashing.

But hackers have become adept at cracking secured passwords by assembling huge dictionaries of similarly scrambled phrases and matching them against stolen password databases.

That could mean trouble for any users who reused their Yahoo password for other online accounts. Yahoo is requiring users to change their passwords and invalidating security questions so they can't be used to hack into accounts. (You may get a reprieve if you've changed your password and questions since September.)

Security experts said the 2013 attack was likely the work of a foreign government fishing for information about specific people.

One big tell: It doesn't appear that much personal data from Yahoo accounts has been posted for sale online, meaning the hack probably wasn't the work of ordinary criminals.

That means most Yahoo users probably don't have anything to worry about, said J.J. Thompson, CEO of Rook Security.

Questions for Verizon

News of the additional hack further jeopardises Yahoo's plans to fall into Verizon's arms. If the hacks cause a user backlash against Yahoo, the company's services wouldn't be as valuable to Verizon, raising the possibility that the sale price might be re-negotiated or the deal may be called off. The telecom giant wants Yahoo and its many users to help it build a digital ad business.

After the news of the first hack broke, Verizon said it would re-evaluate its Yahoo deal and in a Wednesday statement said it will review the “new development before reaching any final conclusions”. Spokesman Bob Varettoni declined to answer further questions.

At the very least, the security lapses “definitely will help Verizon in its negotiations to lower the price”, Litan predicted.

Yahoo has argued that news of the 2014 hack didn't negatively affect traffic to its services, strengthening its contention that the Verizon deal should be completed under the original terms.

“This just adds to fuel to the fire and it won't help Yahoo's cause,” said Eric Jackson, a longtime critic of the company's management. Although he has in the past, Jackson doesn't currently own Yahoo stock.

Investors appeared worried about the Verizon deal. Yahoo's shares fell 96 cents, or 2 per cent, to $39.95 after the disclosure of the latest hack.

Read more

On DawnNews
Dawn News English
Comments (3) Closed
M.Saeed
Dec 15, 2016 01:00pm
Scars of the easy-life luxuries on line.
Recommend 0
AHad
Dec 15, 2016 01:56pm
The case of Marrisa Meyer is another example on the question of who is responsible for the corporations; the CEO's take the multi- million dollar severance package while the company plunders.
Recommend 0
Alba
Dec 15, 2016 04:37pm
Yahoo's staff did not have the credentials and the expertise they were supposed to have. They were on the lower end of the pay scale at Yahoo. You don't turn a tech company around hiring cheaper less experienced workers. Yahoo apparently hired workers in the cyber security area who couldn't do the job.
Recommend 0

Latest Stories

dawn images site

Most Popular

01
02
03
04
05
06
07
08
09

Must Read

Opinion

Editorial

X post facto
Updated 19 Apr, 2024

X post facto

Our decision-makers should realise the harm they are causing.
Insufficient inquiry
19 Apr, 2024

Insufficient inquiry

UNLESS the state is honest about the mistakes its functionaries have made, we will be doomed to repeat our follies....
Melting glaciers
19 Apr, 2024

Melting glaciers

AFTER several rain-related deaths in KP in recent days, the Provincial Disaster Management Authority has sprung into...
IMF’s projections
Updated 18 Apr, 2024

IMF’s projections

The problems are well-known and the country is aware of what is needed to stabilise the economy; the challenge is follow-through and implementation.
Hepatitis crisis
18 Apr, 2024

Hepatitis crisis

THE sheer scale of the crisis is staggering. A new WHO report flags Pakistan as the country with the highest number...
Never-ending suffering
18 Apr, 2024

Never-ending suffering

OVER the weekend, the world witnessed an intense spectacle when Iran launched its drone-and-missile barrage against...