Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,165
38,937



Yahoo's massive data breach that occurred in August of 2013 affected all three billion Yahoo accounts that existed at the time, Yahoo parent company Verizon disclosed today in a statement on Oath.com, the website for the brand that now encompasses both AOL and Yahoo.

Previously, Yahoo said the hack affected 1 billion accounts, or a third of all accounts at the time. Verizon now says new intelligence suggests the attack was much larger, compromising all Yahoo accounts in 2013.

yahoo-800x302.jpg
Subsequent to Yahoo's acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.
Information stolen from affected accounts included names, email addresses, telephone numbers, birth dates, hashed passwords, and both encrypted and unencrypted security questions and answers. Clear text passwords, bank account information, and credit/debit card information are not believed to have been accessed in the attack.

In a statement, Verizon says the Yahoo team is continuing to take significant steps to enhance security.
"Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats," said Chandra McMahon, Chief Information Security Officer, Verizon. "Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon's experience and resources."
Yahoo initially uncovered the attack after law enforcement officials provided the company with Yahoo user data from an unknown source. Yahoo notified users it believed were affected in 2016 at the time the attack was disclosed, but the company will now send email notifications to additional user accounts affected by the hack.

Along with the attack in 2013, Yahoo saw another data breach in 2014 that compromised 500 million accounts, and a third major breach targeting accounts between 2015 and 2016.

The security breaches affected Verizon's $4.48 billion June acquisition of Yahoo, leading Yahoo to drop its asking price by $350 million.

Yahoo is already under SEC investigation for not disclosing the data breach sooner and affected victims have been given the right to sue the company.

Article Link: Verizon Says All 3 Billion Yahoo Accounts Were Compromised in 2013 Attack
 
Last edited:
Slow clap for Marissa Mayer. I hope she faces some stiff penalties for what was clearly a deliberate scheme to keep the truth from being known for so long. It doesn't take four years to uncover the fact that your entire system of user accounts was breached. Four months, perhaps; but it would not have taken them four years to know that information.
 
At some point very soon, I'm pretty sure that bad actors are going to know all the verifiable information about everyone, including the answers to just about all security questions.

So what are the implications? It will be interesting.
 
it will not take long with today's computers to decrypt hashed passwords from back then, so its safe to say that clear passwords were also stolen
 
For the guys who stole all our info, my first pets name wasn’t actually Sir Fluffy Wuffy. I was lying.

Seriously though, this company should be shut down.
 
I think the most annoying aspect is the fact that I can not change my Apple ID and am stuck with the horrible 80 spam emails a day for this Yahoo! account.
.

Of course you can change your Apple ID. You just can't use an iCloud, .me, etc. email. You can use Gmail, Outlook, or anything else. I got rid of my Gmail address and moved my ID to an Outlook address
 
Effective security costs $, which will be first to get cut when revenue is down. At least until there is a breach.

Most technology competent people know Yahoo has always been a cesspool for SPAM, ADWARE, and MALWARE. Ditto for AOL. Guests at my home don't understand why I block access YAHOO, AOL, FB, etc. If they don't like it, they can use their own service or data plan.

I have absolutely no idea what Verizon saw in Yahoo. Marissa Mayer's strategy was to cut costs and bulk up through acqusitions to solicit a premium during the sale, all while lining her pockets... pretty dresses. Congrats for executing flawlessly. Or she was completely incompetent and couldn't manage her way out of a paper bag.
 
Last edited:
Slow clap for Marissa Mayer. I hope she faces some stiff penalties for what was clearly a deliberate scheme to keep the truth from being known for so long. It doesn't take four years to uncover the fact that your entire system of user accounts was breached. Four months, perhaps; but it would not have taken them four years to know that information.

I’d like to see her called before Congress:

https://judiciary.house.gov/subcomm...ourts-intellectual-property-and-the-internet/

Drop these Members on the Committee a line.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.