UPDATE 1 – Yahoo says 2013 cyber breach affected all 3 billion users

Photo of author


Internet company Yahoo says a cyber breach more than four years ago affected all of its 3 billion users, not 1 billion as was previously disclosed. It triples in size what was already the biggest data breach ever reported.

The breach occurred in August 2013 when an “unauthorized third party” accessed one of Yahoo’s systems and stole data such as names, email addresses, telephone numbers, dates of birth, hashed passwords using MD5 and, in some cases, encrypted or unencrypted security questions and answers.

The breach was disclosed in December 2016, when Yahoo said more than one billion user accounts had been affected. But the company announced on Tuesday that it discovered during its integration with its new parent company that the breach had affected all 3 billion accounts existing in 2013.

“While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts,” the company said in a statement. It pointed out that it had already required all of its users to change their passwords and security questions and answers when the breach was disclosed in 2016.

Tuesday’s disclosure could prompt additional lawsuits against Yahoo, which continues to face litigation from users who already knew their accounts had been affected. A U.S. district judge in California ruled on August 30 that victims of the breach could pursue breach of contract and unfair competition claims against the company.

Verizon, which announced in July 2016 that it had agreed to purchase Yahoo’s internet business for $4.83 billion, re-negotiated the deal after the cyber breach was disclosed. As a result, the purchase price was lowered by $350 million to $4.48 billion and the deal officially closed on June 13.

“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” Verizon Chief Information Security Officer Chandra McMahon said on Tuesday. “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”

(Copyright 2017 by BNO News B.V. All rights reserved. Info: sales@bnonews.com.)

Images Courtesy of DepositPhotos