(Bloomberg) – Yahoo, the internet company acquired by Verizon Communications Inc. this year, now believes a 2013 security breach affected all 3 billion of its users at the time.
|New intelligence
The assessment, based on new intelligence obtained after the $4.5 billion acquisition, compares with Yahoo's initial estimate that 1 billion accounts were compromised. The information stolen didn't include passwords in clear text, payment data or bank accounts. Yahoo is notifying users.
Verizon, which is combining Yahoo with its AOL business to attract more internet advertising, had negotiated a $350 million price cut on the deal after Yahoo disclosed the 2013 breach and a subsequent hack in 2014. Verizon and Altaba Inc., the former owner of the Yahoo Internet assets Verizon acquired, agreed earlier this year to split evenly the liability costs of consumer and business lawsuits related to the breach. Altaba also has to cover any shareholder liability costs.
While the attacks exposed user accounts and threatened Yahoo's trust with consumers, most users have already moved on, said Jan Dawson, an analyst at Jackdaw Capital.
"Certainly this makes the hack look worse than Verizon and the rest of us thought, but I don't know that that materially changes the valuation of Yahoo as a company or the ongoing cost of dealing with the hack," Dawson said.
Verizon, based in New York, and Altaba, based in Sunnyvale, California, were little changed in late trading.
|Unable to ID hacker
Yahoo has said it wasn't able to identify who was responsible for the 2013 breach, though the U.S. government has accused Russia of directing the 2014 hack. The 2013 intrusion was discovered by Andrew Komarov, chief intelligence officer for InfoArmor, who had been tracking a prolific Eastern European hacker group that he spotted offering 1 billion Yahoo accounts for $300,000 in a private sale.
By watching the group's communications, he was able to determine that it sold the database three times. Two buyers were large spamming groups. The third buyer provided a list of 10 names of U.S. and foreign government officials and business executives to verify that their logins were part of the database, Komarov said. The unusual request, Komarov said, indicated that the buyer might be linked to a foreign intelligence agency.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
