Yahoo breach likely to have exposed all 3bn users

Internet giant Yahoo now believes a 2013 security breach exposed all 3bn of its users at the time.

An assessment based on intelligence obtained after the $4.5bn (€3.8bn) acquisition of the business by Verizon, earlier this year, showed the number of accounts compromised by the hack was far higher than Yahoo’s initial estimate of 1bn.

The information stolen did not include passwords in clear text, payment data or bank accounts.

Yahoo is in the process of notifying users.

Verizon — which is combining Yahoo with its AOL business to attract more internet advertising — had negotiated a $350m price cut on the deal after Yahoo disclosed the 2013 breach and a subsequent hack in 2014.

Verizon and Altaba, the former owner of the Yahoo Internet assets Verizon acquired, agreed earlier this year to split evenly the liability costs of lawsuits related to the breach.

Altaba also has to cover any shareholder costs.

Yahoo has said it wasn’t able to identify who was responsible for the 2013 breach, though the US government has accused Russia of directing the 2014 hack.

The 2013 intrusion was discovered by Andrew Komarov, chief intelligence officer for InfoArmor, who had been tracking an Eastern European hacker group that he spotted offering 1bn Yahoo accounts for $300,000 in a private sale.

By watching the group’s communications, he was able to determine that it sold the database three times. Two buyers were large spamming groups.

The third purchaser provided a list of 10 names of US and foreign government officials and business executives to verify that their logins were part of the database, Mr Komarov said.

The unusual request, Mr Komarov said, indicated that the buyer might be linked to a foreign intelligence agency.

Yahoo’s sites, like email, finance, Flickr, Tumblr and sports have faded in popularity since 2013.

While the attacks exposed user accounts and threatened Yahoo’s trust with consumers, most people have already moved on, said Jan Dawson, an analyst at Jackdaw Capital.

“Certainly this makes the hack look worse than Verizon and the rest of us thought, but I don’t know that that materially changes the valuation of Yahoo as a company or the ongoing cost of dealing with the hack.”

Shares in both Verizon or Altaba were little changed yesterday.

The US Senate Commerce Committee will call on Yahoo representatives to testify about the breaches, whether there are steps they should have taken earlier and whether there is more bad news to come, John Thune, the panel’s chairman, said earlier this week.

The committee is also calling representatives of Equifax, the consumer credit agency involved in a breach that compromised information on 145.5m US consumers.

Oath, Verizon’s media group that includes Yahoo, reaches about one billion consumers, said chief executive Tim Armstrong in an interview last month.



On June 26, we sat outside the first bar to open here since lockdown began on March 15. There are only two bars in the valley. Cafes serve drinks, but these are bar-bars, the kind that stay open after midnight.Damien Enright: Fruit trees are laden with their bounty as we prepare to leave

In October 1986, 52 mute swans, living peacefully on the Tolka in Dublin, were drenched in diesel oil accidentally released into the river. Swan-catchers went into action; only one bird died before they reached it.Richard Collins: Human crisis will offer chance for wild animal research

It's a typically Irish summer’s day of sunshine and occasional showers. Travel restrictions have been eased again and we venture forth to one of nature’s gems, Gougane Barra, deep in the mountains of West Cork.Donal Hickey: Gougane Barra has peace and wildness

When the ferryman pulls away from the pier and the salty spray of the sea hits your face the feeling of release from the mainland is deeply pleasurable. Your island awaits. Whether for a day trip or a holiday, the lure of the islands is as magnetic as ever.The Islands of Ireland: The lure of the less-visited

More From The Irish Examiner