Verizon Says All 3 Billion Yahoo Accounts Were Compromised in 2013 Attack

[MacRumors]

Yahoo's massive data breach that occurred in August of 2013 affected all three billion Yahoo accounts that existed at the time, Yahoo parent company Verizon disclosed today in a statement on Oath.com, the website for the brand that now encompasses both AOL and Yahoo.

Previously, Yahoo said the hack affected 1 billion accounts, or a third of all accounts at the time. Verizon now says new intelligence suggests the attack was much larger, compromising all Yahoo accounts in 2013.

Subsequent to Yahoo's acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.

Information stolen from affected accounts included names, email addresses, telephone numbers, birth dates, hashed passwords, and both encrypted and unencrypted security questions and answers. Clear text passwords, bank account information, and credit/debit card information are not believed to have been accessed in the attack.

In a statement, Verizon says the Yahoo team is continuing to take significant steps to enhance security.

"Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats," said Chandra McMahon, Chief Information Security Officer, Verizon. "Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon's experience and resources."

Yahoo initially uncovered the attack after law enforcement officials provided the company with Yahoo user data from an unknown source. Yahoo notified users it believed were affected in 2016 at the time the attack was disclosed, but the company will now send email notifications to additional user accounts affected by the hack.

Along with the attack in 2013, Yahoo saw another data breach in 2014 that compromised 500 million accounts, and a third major breach targeting accounts between 2015 and 2016.

The security breaches affected Verizon's $4.48 billion June acquisition of Yahoo, leading Yahoo to drop its asking price by $350 million.

Yahoo is already under SEC investigation for not disclosing the data breach sooner and affected victims have been given the right to sue the company.

Article Link: Verizon Says All 3 Billion Yahoo Accounts Were Compromised in 2013 Attack

 

[catportal]

*whistling while Marissa Mayor floats away in her golden parachute*

 

[IPPlanMan]

Rule #1: They’re always lying

This was intentionally slow-walked to get past the acquisition.
[doublepost=1507065797][/doublepost]

*whistling while Marissa Mayor floats away in her golden parachute*

I’ll bet she knew the whole time. Disgraceful.

She needs to be called before Congress:

https://judiciary.house.gov/subcomm...ourts-intellectual-property-and-the-internet/

Drop these Members on the Committee a line and get her put in the hot seat.

 

[akfgpuppet]

It was just easier to say that all accounts were compromised.

 

[Urban Joe]

What a farce. The words privacy and internet don’t belong in the same sentence. Makes ya wonder though...

 

[Mike MA]

How Yahoo handles the issue is the far bigger scandal.

 

[duervo]

How Yahoo handles the issue is the far bigger scandal.

Could be indicative of a pattern of behaviour in the corporate world. First Yahoo’s (mis)handling, and then Equifax’s. Not surprising, though. Profits trump all else with that mindset.

 

[FelixDerKater]

I believe there was a study some time ago showing the average intelligence and income of Yahoo users was lower than that of the other main competitors.

 

[avanpelt]

Slow clap for Marissa Mayer. I hope she faces some stiff penalties for what was clearly a deliberate scheme to keep the truth from being known for so long. It doesn't take four years to uncover the fact that your entire system of user accounts was breached. Four months, perhaps; but it would not have taken them four years to know that information.

 

[dwsolberg]

At some point very soon, I'm pretty sure that bad actors are going to know all the verifiable information about everyone, including the answers to just about all security questions.

So what are the implications? It will be interesting.

 

[D.T.]

I read earlier today is was closer to 500 trillion ...

 

[brianvictor7]

It was just easier to say that all accounts were compromised.

To be fair, they might have missed a few

 

[imran5720]

it will not take long with today's computers to decrypt hashed passwords from back then, so its safe to say that clear passwords were also stolen

 

[The Cappy]

I believe there was a study some time ago showing the average intelligence and income of Yahoo users was lower than that of the other main competitors.

Published alongside the study that showed that people like to make crap up on the internet? Yeah. I think I remember it.

 

[Goldfrapp]

What's more shocking is that Y actually had 3 billion accounts

 

[macTW]

Yahoo drove themselves into the ground. I’ll be shocked if Verizon doesn’t try to get money back on this.

 

[hauntvictim]

I think the most annoying aspect is the fact that I can not change my Apple ID and am stuck with the horrible 80 spam emails a day for this Yahoo! account.

 

[FelixDerKater]

Published alongside the study that showed that people like to make crap up on the internet? Yeah. I think I remember it.

http://www.marketingcharts.com/demographics-and-audiences/household-income-366

Not exactly the one I’m thinking of, but along the same lines.

 

[fitshaced]

For the guys who stole all our info, my first pets name wasn’t actually Sir Fluffy Wuffy. I was lying.

Seriously though, this company should be shut down.

 

[MistrSynistr]

2,9 billion of them used only as stunt accounts for dating sites. lol.

 

[arybaryba]

I think the most annoying aspect is the fact that I can not change my Apple ID and am stuck with the horrible 80 spam emails a day for this Yahoo! account.

.

Of course you can change your Apple ID. You just can't use an iCloud, .me, etc. email. You can use Gmail, Outlook, or anything else. I got rid of my Gmail address and moved my ID to an Outlook address

 

[elvisimprsntr]

Effective security costs $, which will be first to get cut when revenue is down. At least until there is a breach.

Most technology competent people know Yahoo has always been a cesspool for SPAM, ADWARE, and MALWARE. Ditto for AOL. Guests at my home don't understand why I block access YAHOO, AOL, FB, etc. If they don't like it, they can use their own service or data plan.

I have absolutely no idea what Verizon saw in Yahoo. Marissa Mayer's strategy was to cut costs and bulk up through acqusitions to solicit a premium during the sale, all while lining her pockets... pretty dresses. Congrats for executing flawlessly. Or she was completely incompetent and couldn't manage her way out of a paper bag.

 

[webbuzz]

*whistling while Marissa Mayor floats away in her golden parachute*

And giggles all the way.

 

[IPPlanMan]

Slow clap for Marissa Mayer. I hope she faces some stiff penalties for what was clearly a deliberate scheme to keep the truth from being known for so long. It doesn't take four years to uncover the fact that your entire system of user accounts was breached. Four months, perhaps; but it would not have taken them four years to know that information.

I’d like to see her called before Congress:

https://judiciary.house.gov/subcomm...ourts-intellectual-property-and-the-internet/

Drop these Members on the Committee a line.

 

[Phonephreak]

So glad I never had a yahoo account. Never needed it