Yahoo Data Breach Included All Three Billion Accounts

Yahoo Data Breach Included All Three Billion Accounts

by Ray Schultz , October 4, 2017

Yahoo Data Breach Included All Three Billion Accounts | DeviceDaily.com

Yahoo revealed late Tuesday that all three billion of its accounts were compromised in a 2013 data breach — not the one billion figure that was previously announced.

The finding is based on “an investigation with outside forensic experts following Yahoo’s acquisition by Verizon,” the company reported.

This “new intelligence” was recently obtained, it said.

Yahoo — now part of Verizon’s Oath brand — added that its user account information did not include passwords in clear text, payment card data or bank account information.

The company also said that “while this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts.”

The August 2013 data theft was disclosed by the company in December 2016. News of the breach led to Verizon reducing its original offer to Yahoo by $350 million, according to reports. The company was sold for $4.48 billion.

Legal experts say the new revelation opens the company up to new liability. One attorney said “this is a bombshell,” Reuters reports.

Reuters adds that Yanchunis, an attorney representing some of the affected Yahoo users, was asked by a federal judge last Friday for more information to justify his case.

“I think we have those facts now,” Yanchunis said, according to Reuters. “It’s really mind-numbing when you think about it.”

In the attack, cybercriminals stole names, birth dates, phone numbers, and user passwords protected with easy-to-crack encryption, The New York Times reports. The theft also included email addresses used to reset lost passwords, the Times added.

Following news of the breach in 2016, Yahoo took action to protect all accounts, the company said (October 12, 2017). This included notifying affected users identified at the time, and invalidating unencrypted security questions and answers. Yahoo also posted a notification on its website.

Chandra McMahon, chief information security officer, Verizon, said: “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”

MediaPost.com: Search Marketing Daily

(48)