Yahoo is a troubled business. The company has been struggling for a number of years and has ultimatley been forced to put itself up for sale, attracting interest from a number of companies around the world including America’s two largest carriers, AT&T and Verizon Wireless. A short time after Verizon’s offer for Yahoo was accepted and appeared to be something of a “done deal,” Yahoo announced that 500 million accounts were hacked in a significant data breach. The scale of this breach was enough to encourage Verizon Wireless to reconsider its offer to buy Yahoo. Earlier this week on Wednesday, Yahoo reported that it had uncovered another significant cyber attack dating back from August 2013. However, this incident is even larger than the previously reported data loss: here, more than one billion accounts were compromised, twice the size of the last data breach and making this the largest in history. Verizon Wireless have immediately released at statement that explains: “we will review the impact of this new development before reaching any final conclusions.”
Yahoo told Reuters that during the investigation, the company has been talking with Verizon Wireless and “is confident” that the incident will not impact the deal. Yahoo’s statement included that it believed the one billion account hack was “likely” different to the 500 million account hack. The company also reported that stolen information could include names, email addresses, telephone numbers, dates of birth, hashed passwords and perhaps even encrypted or unencrypted security questions and answers. The compromised system did not contain payment and bank account information. As part of the disclosure, Yahoo also explained that it believed the original 500 million account hack, which it is blaming on a government-sponsored hacking ring, included the ability for the hackers to access Yahoo’s proprietary software and could build their own Internet cookies, allowing their computers to access Yahoo accounts without a password.
Within the computer and Internet security industry, some comment of Yahoo was particularly damning. Bruce Schneier, a cryptologist and one of the world’s most respected security experts, said this of the company: “Yahoo badly screwed up… They weren’t taking security seriously and that’s now very clear. I would have trouble trusting Yahoo going forward.” Yahoo discovered the data breach during a review of information provided to the business by the law enforcement agencies.