ADVERTISEMENT

Tech firm says hackers stole data from 500million accounts in 2014

At least, 500 million Yahoo accounts were hacked by what is believed to be a state sponsored actor in 2014.

Yahoo CEO, Marissa Meyer.

Cyber thieves may have stolen names, email addresses, telephone numbers, dates of birth and encrypted passwords, the company said. But unprotected passwords, payment card data and bank account information did not appear to have been compromised, signaling that some of the most valuable user data was not taken.

The attack on Yahoo was unprecedented in size, more than triple other large attacks on sites such as eBay Inc, and it comes to light at a difficult time for Yahoo.

Chief Executive Officer Marissa Mayer is under pressure to shore up the flagging fortunes of the site founded in 1994, and the company in July agreed to a $4.83 billion cash sale of its internet business to Verizon Communications Inc.

ADVERTISEMENT

"This is the biggest data breach ever," said well-known cryptologist Bruce Schneier, adding that the impact on Yahoo and its users remained unclear because many questions remain, including the identity of the state-sponsored hackers behind it.

On its website on Thursday, Yahoo encouraged users to change their passwords but did not require it.

Although the attack happened in 2014, Yahoo only discovered the incursion after August reports of a separate breach. While that report turned out to be false, Yahoo's investigation turned up the 2014 theft, according to a person familiar with the matter.

Analyst Robert Peck of SunTrust Robinson Humphrey said the breach probably was not enough to prompt Verizon to abandon its deal with Yahoo, but it could call for a price decrease of $100 million to $200 million, depending on how many users leave Yahoo.

Steven Caponi, an attorney at K&L Gates with a practice including merger litigation, said thatYahoo's breach could fall under the "material adverse change" clause common in mergers allowing a buyer to walk away if its target's value deteriorates.

ADVERTISEMENT

"That would give Verizon the opportunity to renegotiate the terms or potentially walk away fromthe transaction if it is a material change. Whether it is a material change will depend in large part on what kind of information was compromised," Caponi said.

Still, it is rare for mergers to fall apart over material changes. Verizon said in a statement it was made aware of the breach within the last two days and had limited information about the matter.

"We will evaluate as the investigation continues through the lens of overall Verizon interests," the company said.

Shares of Yahoo stock closed a penny higher at $44.15, while shares of Verizon, were up about 1 percent.

RISING ATTACKS

ADVERTISEMENT

The Yahoo breach follows a rising number of other large-scale data attacks and could make it a watershed event that prompts government and businesses to put more effort into bolstering defenses, said Dan Kaminsky, a well-known internet security expert.

Retailers and health insurers have been especially hard hit after high-profile breaches at Home Depot Inc, Target Corp, Anthem Inc and Premera Blue Cross.

"Five hundred of the Fortune 500 have been hacked," he said. "If anything has changed, it's that these attacks are getting publicly disclosed."

Three U.S. intelligence officials, who declined to be identified by name, said they believed the attack was state-sponsored because of its resemblance to previous hacks traced to Russian intelligence agencies or hackers acting at their direction.

Yahoo said it was working with law enforcement on the matter, and the FBI said it was investigating.

ADVERTISEMENT

"The investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network," the company said.

While the breach comprised mostly low-value information, it did include security questions and answers created by users themselves. That data could make users vulnerable if they use the same answers on other sites.

A former Yahoo employee said the Q&A were deliberately left unencrypted, which allowed Yahoo to catch fake accounts more easily because fake accounts tended to reuse questions and answers.

News of the massive breach at one of the nation's largest email providers may fan concern that U.S. companies and government agencies are not doing enough to improve cyber security.

Democratic Senator Mark Warner said in a statement he was "most troubled by news that this breach occurred in 2014, and yet the public is only learning details of it today."

ADVERTISEMENT

Technology website Recode first reported Tuesday that Yahoo planned to disclose details about a data breach affecting hundreds of millions of users.

JOIN OUR PULSE COMMUNITY!

Unblock notifications in browser settings.
ADVERTISEMENT

Eyewitness? Submit your stories now via social or:

Email: eyewitness@pulse.ng

Recommended articles

Anambra PASAN begins strike over Soludo's failure to grant financial autonomy

Anambra PASAN begins strike over Soludo's failure to grant financial autonomy

Governor Sanwo-Olu pays ₦4.48 billion to 1,455 retirees in accrued pensions

Governor Sanwo-Olu pays ₦4.48 billion to 1,455 retirees in accrued pensions

Court discharges ex-AGF Adoke, 6 others in Malabu oil scam case

Court discharges ex-AGF Adoke, 6 others in Malabu oil scam case

Nigerians are expected to pay for TV licences — here’s what the law says

Nigerians are expected to pay for TV licences — here’s what the law says

BEDC management denies rumours of dissolution, increases revenue

BEDC management denies rumours of dissolution, increases revenue

Federal Govt set to sue Binance ltd, officials for tax evasion on April 4

Federal Govt set to sue Binance ltd, officials for tax evasion on April 4

What Nigerian law says about treatment of people with disabilities

What Nigerian law says about treatment of people with disabilities

Gambling investment is evil, will take away everything - Cleric warns youths

Gambling investment is evil, will take away everything - Cleric warns youths

All teachers need to learn digital skills to earn their students’ respect

All teachers need to learn digital skills to earn their students’ respect

Pulse Sports

Nigeria vs Mali: Has Finidi George done enough to land Super Eagles job permanently?

Nigeria vs Mali: Has Finidi George done enough to land Super Eagles job permanently?

I want to emulate Keshi and win the AFCON - Finidi George shares ambitious Super Eagles dream

I want to emulate Keshi and win the AFCON - Finidi George shares ambitious Super Eagles dream

Michelle Alozie: I had to do it because of African referees

Michelle Alozie: I had to do it because of African referees

AC Milan star reveals he was named after Super Eagles legend Tijani Babangida

AC Milan star reveals he was named after Super Eagles legend Tijani Babangida

Give him the job! Super Eagles fans beg NFF to make Finidi George permanent coach after Nigeria's win over Ghana

Give him the job! Super Eagles fans beg NFF to make Finidi George permanent coach after Nigeria's win over Ghana

Super Eagles 2-1 Black Stars: Nigerians praise Iwobi, Lookman, Finidi George after friendly victory against Ghana

Super Eagles 2-1 Black Stars: Nigerians praise Iwobi, Lookman, Finidi George after friendly victory against Ghana

ADVERTISEMENT
ADVERTISEMENT