Verizon Says All 3 Billion Yahoo Accounts Were Compromised in 2013 Attack

MacRumors

macrumors bot
Original poster
Apr 12, 2001
49,654
10,977



Yahoo's massive data breach that occurred in August of 2013 affected all three billion Yahoo accounts that existed at the time, Yahoo parent company Verizon disclosed today in a statement on Oath.com, the website for the brand that now encompasses both AOL and Yahoo.

Previously, Yahoo said the hack affected 1 billion accounts, or a third of all accounts at the time. Verizon now says new intelligence suggests the attack was much larger, compromising all Yahoo accounts in 2013.

Subsequent to Yahoo's acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.
Information stolen from affected accounts included names, email addresses, telephone numbers, birth dates, hashed passwords, and both encrypted and unencrypted security questions and answers. Clear text passwords, bank account information, and credit/debit card information are not believed to have been accessed in the attack.

In a statement, Verizon says the Yahoo team is continuing to take significant steps to enhance security.
"Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats," said Chandra McMahon, Chief Information Security Officer, Verizon. "Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon's experience and resources."
Yahoo initially uncovered the attack after law enforcement officials provided the company with Yahoo user data from an unknown source. Yahoo notified users it believed were affected in 2016 at the time the attack was disclosed, but the company will now send email notifications to additional user accounts affected by the hack.

Along with the attack in 2013, Yahoo saw another data breach in 2014 that compromised 500 million accounts, and a third major breach targeting accounts between 2015 and 2016.

The security breaches affected Verizon's $4.48 billion June acquisition of Yahoo, leading Yahoo to drop its asking price by $350 million.

Yahoo is already under SEC investigation for not disclosing the data breach sooner and affected victims have been given the right to sue the company.

Article Link: Verizon Says All 3 Billion Yahoo Accounts Were Compromised in 2013 Attack
 

IPPlanMan

macrumors 6502
Dec 25, 2009
359
1,400
Last edited:

avanpelt

macrumors 68030
Jun 2, 2010
2,932
3,802
Slow clap for Marissa Mayer. I hope she faces some stiff penalties for what was clearly a deliberate scheme to keep the truth from being known for so long. It doesn't take four years to uncover the fact that your entire system of user accounts was breached. Four months, perhaps; but it would not have taken them four years to know that information.
 

dwsolberg

macrumors 6502a
Dec 17, 2003
731
546
At some point very soon, I'm pretty sure that bad actors are going to know all the verifiable information about everyone, including the answers to just about all security questions.

So what are the implications? It will be interesting.
 

imran5720

macrumors regular
Dec 21, 2013
226
724
it will not take long with today's computers to decrypt hashed passwords from back then, so its safe to say that clear passwords were also stolen
 

fitshaced

macrumors 68000
Jul 2, 2011
1,730
3,104
For the guys who stole all our info, my first pets name wasn’t actually Sir Fluffy Wuffy. I was lying.

Seriously though, this company should be shut down.
 

arybaryba

macrumors newbie
Apr 28, 2015
7
5
I think the most annoying aspect is the fact that I can not change my Apple ID and am stuck with the horrible 80 spam emails a day for this Yahoo! account.
.

Of course you can change your Apple ID. You just can't use an iCloud, .me, etc. email. You can use Gmail, Outlook, or anything else. I got rid of my Gmail address and moved my ID to an Outlook address
 

elvisimprsntr

macrumors 6502
Jul 17, 2013
366
482
Florida
Effective security costs $, which will be first to get cut when revenue is down. At least until there is a breach.

Most technology competent people know Yahoo has always been a cesspool for SPAM, ADWARE, and MALWARE. Ditto for AOL. Guests at my home don't understand why I block access YAHOO, AOL, FB, etc. If they don't like it, they can use their own service or data plan.

I have absolutely no idea what Verizon saw in Yahoo. Marissa Mayer's strategy was to cut costs and bulk up through acqusitions to solicit a premium during the sale, all while lining her pockets... pretty dresses. Congrats for executing flawlessly. Or she was completely incompetent and couldn't manage her way out of a paper bag.
 
Last edited:

IPPlanMan

macrumors 6502
Dec 25, 2009
359
1,400
Slow clap for Marissa Mayer. I hope she faces some stiff penalties for what was clearly a deliberate scheme to keep the truth from being known for so long. It doesn't take four years to uncover the fact that your entire system of user accounts was breached. Four months, perhaps; but it would not have taken them four years to know that information.
I’d like to see her called before Congress:

https://judiciary.house.gov/subcomm...ourts-intellectual-property-and-the-internet/

Drop these Members on the Committee a line.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.