Technology

Yahoo Confirms Another Data Breach, This Time Impacting 1B Accounts

Verizon says it continues to evaluate the situation as Yahoo investigates (Update) 12/15/2016 9:15 AM Eastern Last updated at 12/15/2016 11:12 AM

Casting another dark cloud on its proposed sale to Verizon, Yahoo Inc. confirmed Wednesday that it believes an unauthorized third party, in August 2013, stole data associated with more than 1 billion user accounts.

 

The latest admission follows an earlier one in which Yahoo said data from more than 500 million accounts, including customer e-mail addresses, birth dates, phone number and encrypted passwords, were stolen.

 

Yahoo noted that the latest data breach was discovered after it law enforcement provided the company with data files that a third party claimed was Yahoo user data.

 

RELATED: Breached: What happened when hackers shut down Liberty Global’s broadband in the Netherlands

 

“Yahoo believes this incident is likely distinct from the incident the company disclosed on September 22, 2016,” the company said.

 

The latest data breach admission plants another seed of doubt around Verizon’s $4.8 billion deal to acquire Yahoo for $4.8 billion. Speculation following the earlier hacking revelation was that Verizon might try to cut the purchase price by as much as $1 billion. Verizon has held that the data breach could be a material event

 

RELATED: Verizon Agrees to Buy Yahoo for $4.83B

 

Verizon said its position on the pending deal remains unchanged following this week’s revelation.  

 

"As we've said all along, we will evaluate the situation as Yahoo continues its investigation. We Will review the impact of this new development before reaching any final conclusions,” Verizon said in a statement.

 

UPDATE: Bloomberg reported Thursday morning that Verizon is exploring a price cut or a possible exit from the proposed deal. 

 

Regarding the latest breach discovery, Yahoo said stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, possibly, encrypted or unencrypted security questions and answers. Yahoo noted that the investigation showed that the purloined data did not include passwords in clear text, payment card data, or bank account information.

 

“Payment card data and bank account information are not stored in the system the company believes was affected,” Yahoo said.

 

Based on its ongoing investigation in the hacking matter, Yahoo said it believes an unauthorized third party accessed the company’s proprietary code to learn how to forge cookies.

 

Yahoo said it is encouraging its users to review their online accounts for suspicious activity and to change their passwords and security questions. Further, it’s recommending the use of a Yahoo Account Key, an authentication tool that, it says, eliminates the need to use a password on Yahoo altogether.

 

Want to read more stories like this?
Get our Free Newsletter Here!