Yahoo Data Theft: The Biggest Security Breach In History Just Got Even Bigger

If you ever thought that Yahoo is finally going to leave you alone after Verizon Communications acquired it for $350 million then think again, because what we are going to tell you will definitely make you curse yourself for the day you decided to have a Yahoo Account.

In December 2016, when the .com uncovered the ‘Yahoo Data Theft’ which was said to have affected almost 1 Billion users, the world got to witness the biggest cyber breach in the history of the internet. Those who ever had a Yahoo account went on analyzing their books in order to whether they were part of the attack or not.

However, the worse was still left to be unveiled and now Yahoo Mail has announced that each and every of its users were affected by the Yahoo Data Theft. Yes, you read it right. The cyber attack that took place in the year 2013 exposed users’ account information including names, email addresses, hashed passwords, phone numbers, birthdays and in some cases, even the encrypted or unencrypted security questions as well as answers.

All we know about the reason behind the ‘Yahoo Data Theft’ is the fact that the information was protected with an outdated, easy-to-crack encryption, which included security questions as well as backup email addresses that might have made it easier to break into other accounts.

Thankfully, the firm did confirm that hackers were not able to obtain password and bank or credit card information, during the Yahoo Data Theft, tied to the Yahoo Mail accounts.

Here is the statement from Yahoo, which is now managed by Oath.

“Subsequent to Verizon’s acquisition of Yahoo, and during integration as well as an investigation with the assistance of some outside forensic experts, the firm recently obtained new intelligence and believes that all Yahoo accounts were affected in the August 2013 theft. While this is not a new security issue, Yahoo Inc. is sending email notifications to all the additional affected user accounts. This investigation indicates that the stolen user account information did not include passwords in clear text, bank account information or payment card data. Yahoo is continuing to work closely with law enforcement.”

This means that if you happen to own a Yahoo account but did not previously receive an email request for a password change, it might be already too late as you were also a part the security breach.

Talking about being late, Yahoo was already way too late as it announced details of this massive security breach that reportedly took place in 2013, a good three years later. After the Yahoo Data Theft, the firm faced at least 41 consumer class-action lawsuits in the United States federal as well as state courts over the matter and now the news is likely to increase the number of lawsuits by shareholders as well as Yahoo account holders.

This will also result in a sharp increase in legal exposure of its new owner, Verizon Communications Inc. which bought Yahoo at $350 million, down from earlier valuation of $4.48 billion due to the severity of the hacks.

Chandra McMahon, Verizon Communications’ Chief Information Security Officer, said,

“Verizon is committed to highest standards of accountability as well as transparency, and we are proactively working to ensure the safety and security of users as well as networks in an evolving landscape of online threats”.

That being said, Yahoo first revealed a cyber attack in September 2016 in which, around 500 million users were said to be affected. The breach became an International headline after a ‘reported’ state-owned hacker from Russia claimed to have information related to 200 Million users and was trying to sell them on the black market in July 2016 for just $1800. The attacker named as ‘Peace’ reportedly stole email-addresses, phone numbers along with other personal information about the users.

From that day to this date, this is the third time ‘Yahoo Data Theft’ has made headlines and this also comes as a wake-up call for the world to either strengthen its cybersecurity guidelines or back-off from promoting people to live an ‘Internet Life’, until then.