Updated 12/15/2016, 10:41 a.m.
Yahoo recently disclosed yet another breach to its database of users. Already reeling from the August 2013 breach that exposed around 500 million accounts, Yahoo is now struggling with an even larger one that they are saying is “separate and distinct” from the earlier hack. Verizon and Yahoo have been in talks since early 2016 about the possible acquisition of Yahoo’s digital assets by Verizon, though it seems as though it will be harder and harder for Yahoo to finalize the deal.
Update from 9/23/2016, 10:47 a.m.
It has only been a few weeks since we last wrote about a large website hack, and here we are writing about another one. This time, the victim is Yahoo. Similar to some other recent hacks, the initial breach occurred in 2014 (although it was first reported to be in 2012) but was not pubilicized until now. The hack’s release comes at an unfortunate time for the media giant, which, amongst a struggle to boost revenue since 2012, is in the midst of selling their core assets to Verizon for nearly $5 billion. Comments by Verizon, revealing that they have been provided with limited information on the breach only within the last few days suggests that the acquisition may be in jeopardy.
The hack was first noticed by a Motherboard writer who caught wind of a listing on the dark web involving the sale of 200 million compromised Yahoo accounts for three bitcoins (roughly $1,800 at the time of this writing). As the hack was confirmed and verified, it came to light that the number of compromised accounts is actually closer to 500 million. Yahoo’s press release refers to the hackers as “state-sponsored actors,” and although they did not go into more detail, they did promise that they were “working closely with law enforcement on this matter.”
The hack included usernames, passwords (which were encrypted, luckily), email addresses, dates-of-birth, phone numbers, and security questions. Yahoo has already reset and disabled all affected users’ current security questions, urging its users to re-enable them and choose a new password. There haven’t been any reports of other accounts being compromised as a result (for example, in a case where the password was reused), but it would still be a good idea to change your passwords if you’ve used a Yahoo email as one of your primary accounts.