Latest
Recommended
Published: Mon, December 19, 2016
Economy | By Melissa Porter

Yahoo security problems a story of too little, too late


"We believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts". Yahoo said the 2013 attack is "likely distinct" from the 2014 breach the company reported in September. That disclosure followed revelations this fall of a half-billion-account hack that Yahoo knew about in 2014 but did not disclose for almost two years.

Information compromised includes names, email addresses, telephone numbers, dates of birth, "hashed" passwords, and some security questions and answers. The company says it believes bank-account information and payment-card data were not affected.

Bosses are now working with the authorities and security experts to find out what happened. The only good news is that Yahoo has a policy of deactivating or deleting inactive accounts that remain dormant after one year.

In the past few years, hackers tied to foreign governments are believed to have stolen emails to embarrass celebrities and Hollywood moguls (recall the Sony Pictures break-in during 2014) and possibly even to influence the 2016 presidential election.

Yahoo's chief information security officer Bob Lord announced the discovery of the 2013 hack in a post yesterday on the company's Tumblr blog.

The information technology company said that it is already letting affected users know the security threat that their accounts have potentially suffered and requiring them to change their passwords as well. Technically, those passwords should be secure; Yahoo said they were scrambled twice - once by encryption and once by another technique called hashing.

In some cases, account holders' encrypted and unencrypted security questions and answers could also have been stolen.

When criminals have access to a Yahoo user's inbox, they can request a password reset link be sent to a user's inbox from any Web site.

Make sure you log out of social media accounts, email accounts and online shopping accounts when you're done with them.

News of the additional hack further jeopardises Yahoo's plans to fall into Verizon's arms.

Yahoo Inc came under renewed scrutiny by federal investigators and lawmakers on Thursday after disclosing the largest known data breach in history, prompting Verizon Communications Inc to demand better terms for its planned purchase of Yahoo's internet business. That's the first thing hackers will try.

At the very least, the security lapses "definitely will help Verizon in its negotiations to lower the price", Gartner analyst Avivah Litan predicted. The latest hacking incident revelations could impact that deal as well.

Verizon hasn't signaled that it wants to walk away from the deal, but that hasn't entirely eased investor concerns. Verizon.net email addresses were serviced by Yahoo until the company acquired AOL in late 2015.

"This just adds to fuel to the fire and it won't help Yahoo's cause", said Eric Jackson, a long-time critic of the company's management. Yahoo's shares fell 96 cents, or 2 percent, to $39.95 after the disclosure of the latest hack.

Like this: