Share

Yahoo triples likely scope of 2013 hack to 3 billion users

New York - Yahoo, the internet company acquired by Verizon Communications this year, now believes a 2013 security breach exposed all 3 billion of its users at the time.

The assessment, based on new intelligence obtained after the $4.5bn acquisition, compares with Yahoo’s initial estimate that 1 billion accounts were compromised. The information stolen didn’t include passwords in clear text, payment data or bank accounts. Yahoo is notifying users.

Verizon, which is combining Yahoo with its AOL business to attract more internet advertising, had negotiated a $350m price cut on the deal after Yahoo disclosed the 2013 breach and a subsequent hack in 2014.

Verizon and Altaba, the former owner of the Yahoo Internet assets Verizon acquired, agreed earlier this year to split evenly the liability costs of consumer and business lawsuits related to the breach. Altaba also has to cover any shareholder liability costs.

While the attacks exposed user accounts and threatened Yahoo’s trust with consumers, most users have already moved on, said Jan Dawson, an analyst at Jackdaw Capital.

“Certainly this makes the hack look worse than Verizon and the rest of us thought, but I don’t know that that materially changes the valuation of Yahoo as a company or the ongoing cost of dealing with the hack,” Dawson said.

Verizon, based in New York, and Altaba, based in Sunnyvale, California, were little changed in late trading.

The Senate Commerce Committee will call on representatives of Yahoo to testify about recent breaches, whether there are steps they should have taken earlier and whether there is potentially more bad news to come, John Thune, the panel’s chairperson, said on Tuesday in a statement.

The committee is also calling representatives of Equifax, the consumer credit agency involved in a data breach that compromised information on 145.5 million US consumers. The date and witness list will be announced later this month.

READ: Equifax raises breach victim number to 145.5 million

Yahoo has said it wasn’t able to identify who was responsible for the 2013 breach, though the US government has accused Russia of directing the 2014 hack. The 2013 intrusion was discovered by Andrew Komarov, chief intelligence officer for InfoArmor, who had been tracking a prolific Eastern European hacker group that he spotted offering 1 billion Yahoo accounts for $300 000 in a private sale.

By watching the group’s communications, he was able to determine that it sold the database three times. Two buyers were large spamming groups.

The third buyer provided a list of 10 names of US and foreign government officials and business executives to verify that their logins were part of the database, Komarov said. The unusual request, Komarov said, indicated that the buyer might be linked to a foreign intelligence agency.

SUBSCRIBE FOR FREE UPDATE: Get Fin24's top morning business news and opinions in your inbox.

Read Fin24's top stories trending on Twitter:


We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.89
+0.3%
Rand - Pound
23.82
+0.4%
Rand - Euro
20.37
+0.3%
Rand - Aus dollar
12.30
+0.3%
Rand - Yen
0.12
+0.3%
Platinum
908.05
0.0%
Palladium
1,014.94
0.0%
Gold
2,232.75
-0.0%
Silver
24.95
-0.1%
Brent Crude
87.00
+1.8%
Top 40
68,346
0.0%
All Share
74,536
0.0%
Resource 10
57,251
0.0%
Industrial 25
103,936
0.0%
Financial 15
16,502
0.0%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders