Giga-hack: Yahoo reveals hackers stole data from a billion-plus users, in biggest breach ever
Yahoo announced Wednesday more than a billion users may have had data stolen in a hack dating back to 2013 - separate from its previously disclosed breach affecting 500 million.
In a huge blow to the struggling internet pioneer, Yahoo said it made the discovery as it was investigating what was already the largest data breach of a single company.
“Yahoo believes an unauthorised third party, in August 2013, stole data associated with more than one billion user accounts,” it said in a statement.
Yahoo said this case “is likely distinct from the incident the company disclosed on September 22, 2016.”
The news comes with Yahoo in the process of selling its core operating assets to Verizon for US$4.8 billion.
The breach disclosed in September had already threatened to derail the deal with Verizon or result in a reduction in the price.
In November, Yahoo disclosed that as part of its investigation into the prior breach, it had received data files from law enforcement “that a third party claimed was Yahoo user data.”
Using outside forensic experts, Yahoo now confirms that this was indeed user data but added that it “has not been able to identify the intrusion associated with this theft.”
Yahoo said in September it believed the breach of information on 500 million users was “state sponsored” but some analysts have questioned this theory.
The stolen user account information in the newly disclosed breach may have included names, email addresses, telephone numbers, dates of birth, “hashed” passwords and, in some cases, encrypted or unencrypted security questions and answers, Yahoo said.
The hackers did not obtain passwords in clear text, payment card data, or bank account information, it said.
The latest breach discovery is a further embarrassment to a company that was one of the biggest names of the internet but which has failed to keep up with rising stars such as Google and Facebook.
Yahoo’s valuation hit US$125 billion during the dot-com boom, but it has been losing ground since then despite several efforts to reboot.
In the mid-1990s, Yahoo was among the most popular destinations on the internet, helping many people navigate the emerging web.
It became the top online “portal,” connecting users to news, music and other content. But its fortunes started to fade when Google began to dominate with its powerful search engine.
But as its core business declined, Yahoo’s stake in outside investments - notably Chinese internet giant Alibaba - surged.
After a series of management changes and revival efforts, Yahoo decided to sell its main operating business as a way to separate that from its more valuable stake in Alibaba, which owns the South China Morning Post.
Yahoo’s plan would place its main operating business within Verizon, which has already acquired another faded internet star, AOL.
The remaining portion would be a holding company with stakes in Alibaba and Yahoo Japan.
Verizon said in a statement it would await further news of the investigation before making any decision.
“As we’ve said all along, we will evaluate the situation as Yahoo continues its investigation,” the statement said.
“We will review the impact of this new development before reaching any final conclusions.”
Verizon had said the prior breach was likely “material,” meaning it could allow the telecom giant to scrap the deal or lower its offer.