Yahoo has revealed the major data theft that took place in August 2013, compromising its entire user base of over three billion accounts. This new announcement shows a three-fold increase over the previously estimated impact.
Based on the analysis of data files provided by law enforcement, Yahoo first announced the data theft in December 2016 and estimated its original impact on around one billion. The company, which is now owned by Verizon Communications, even notified the users about the hack directly. However, some additional information that has now been analysed with the assistance of outside forensic experts shows the additional impact.
Verizon's Chief Information Security Officer Chandra McMohan affirms "proactive work" of his team to ensure the safety and security of users and networks on Yahoo's platform. "Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security as well as benefit from Verizon's experience and resources," said McMohan in a press statement.
In addition to the huge 2013 theft, Yahoo suffered from a separate data hack in 2014 that officially compromised 500 million user accounts. The company alleged that the attack was planned by state-sponsored hackers.
Both the attacks enabled hackers to steal information such as usernames, email addresses, telephone numbers, dates of birth and passwords. In some cases, encrypted and unencrypted security questions and answers were also compromised. Yahoo claims that the attackers weren't able to obtain passwords in a clear text form, instead only "hashed" passwords were revealed that were encrypted using the MD5 algorithm.
Jolts of cyber attacks
Yahoo has already witnessed negativity through the recent cyber attacks. There are at least 41 consumer class-action lawsuits in US federal and state courts against the company due to the two massive security breaches that emerged in the recent years. Moreover, Verizon even lowered its original offer by US$350 million and agreed to acquire Yahoo's consumer business for US$4.5 billion.