Yahoo hack steals personal info from at least 500M accounts

The massive security breakdown disclosed Thursday poses new headaches for Yahoo CEO Marissa Mayer.

REUTERS/Denis Balibouse
A Yahoo logo is pictured in front of a building in Rolle, east of Geneva, Switzerland December 12, 2012.

Computer hackers swiped personal information from at least 500 million Yahoo accounts in what is believed to be the biggest digital break-in at an email provider.

The massive security breakdown disclosed Thursday poses new headaches for Yahoo CEO Marissa Mayer as she scrambles to close a $4.8 billion sale to Verizon Communication.

The breach Thursday dates back to late 2014, raising questions about the checks and balances within Yahoo — a fallen internet star that has been laying off staff to counter a steep drop in revenue during the past eight years.

At the time of the break-in, Yahoo's security team was led by Alex Stamos, a respected industry executive who left last year to take a similar job at Facebook.

Yahoo didn't explain what took so long to uncover a breach that it blamed on a "state-sponsored actor" — parlance for a hacker working on behalf of a foreign government. The Sunnyvale, California, company declined to explain how it reached its conclusions about the attack, but said it is working with the FBI and other law enforcement as part of its ongoing investigation.

MOST ACCOUNTS EVER STOLEN

"This is a pretty big deal that is probably going to cost them tens of millions of dollars," predicted Avivah Litan, a computer security analyst for Gartner Inc. "Regulators and lawyers are going to have a field day with this one."

Litan described it as the most accounts stolen from a single email provider.

The stolen data includes users' names, email addresses, telephone numbers, birth dates, scrambled passwords, and the security questions — and answers — used to verify an accountholder's identity.

Last month, the tech site Motherboard reported that a hacker who uses the name "Peace" boasted that he had account information belonging to 200 million Yahoo users and was trying to sell the data on the web.

Yahoo is recommending that users change their passwords if they haven't done so since 2014. The company said the attacker didn't get any information about its users' bank accounts or credit and debit cards.

THE VERIZON IMPACT

News of the security lapse could cause some people to have second thoughts about relying on Yahoo's services, raising a prickly issue for the company as it tries to sell its digital operations to Verizon Communications.

That deal, announced two months ago, isn't supposed to close until early next year. That leaves Verizon with wiggle room to renegotiate the purchase price or even back out if it believes the security breach will harm Yahoo's business. That could happen if users shun Yahoo or file lawsuits because they're incensed by the theft of their personal information.

Verizon said it still doesn't know enough about the Yahoo break-in to assess the potential consequences. "We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities," the company said in a statement.

DELAY OF ACQUISITION?

At the very least, Verizon is going to need more time to assess what it will be getting into if it proceeds with its plans to take over Yahoo, said Scott Vernick, an attorney specializing in data security for the law firm Fox Rothschild.

"This is going to slow things down. There is going to be a lot of blood, sweat and tears shed on this" Vernick said. "A buyer needs to understand the cybersecurity strengths and weaknesses of its target these days."

Investors evidently aren't nervous about the Verizon deal unraveling yet. Yahoo's stock added a penny Thursday to close at $44.17. But the Verizon sale represents a sliver of Yahoo's total market value, which primarily consists of a stake in Chinese e-commerce leader Alibaba Group currently worth $42 billion.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Yahoo hack steals personal info from at least 500M accounts
Read this article in
https://www.csmonitor.com/USA/Society/2016/0922/Yahoo-hack-steals-personal-info-from-at-least-500M-accounts
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe