comscore Yahoo says hackers stole info in 500 million user accounts | Honolulu Star-Advertiser
Top News

Yahoo says hackers stole info in 500 million user accounts

  • ASSOCIATED PRESS

    A person walked in front of a Yahoo sign at the company’s headquarters in Sunnyvale, Calif., in Nov. 2014. Yahoo says the personal information in 500 million accounts was stolen in a massive security breakdown. The breach disclosed today, the latest setback for the beleaguered internet company, dates back to late 2014.

SAN FRANCISCO » Computer hackers swiped personal information from at least 500 million Yahoo accounts in what is believed to be the biggest digital break-in at an email provider.

The massive security breakdown disclosed today poses new headaches for Yahoo CEO Marissa Mayer as she scrambles to close a $4.8 billion sale to Verizon Communication.

The breach today dates back to late 2014, raising questions about the checks and balances within Yahoo — a fallen internet star that has been laying off staff to counter a steep drop in revenue during the past eight years.

At the time of the break-in, Yahoo’s security team was led by Alex Stamos, a respected industry executive who left last year to take a similar job at Facebook.

Yahoo didn’t explain what took so long to uncover a breach that it blamed on a “state-sponsored actor” — parlance for a hacker working on behalf of a foreign government. The Sunnyvale, California, company declined to explain how it reached its conclusions about the attack, but said it is working with the FBI and other law enforcement as part of its ongoing investigation.

MOST ACCOUNTS EVER STOLEN

“This is a pretty big deal that is probably going to cost them tens of millions of dollars,” predicted Avivah Litan, a computer security analyst for Gartner Inc. “Regulators and lawyers are going to have a field day with this one.”

Litan described it as the most accounts stolen from a single email provider.

The stolen data includes users’ names, email addresses, telephone numbers, birth dates, scrambled passwords, and the security questions — and answers — used to verify an accountholder’s identity.

Last month, the tech site Motherboard reported that a hacker who uses the name “Peace” boasted that he had account information belonging to 200 million Yahoo users and was trying to sell the data on the web.

Yahoo is recommending that users change their passwords if they haven’t done so since 2014. The company said the attacker didn’t get any information about its users’ bank accounts or credit and debit cards.

THE VERIZON IMPACT

News of the security lapse could cause some people to have second thoughts about relying on Yahoo’s services, raising a prickly issue for the company as it tries to sell its digital operations to Verizon Communications.

That deal, announced two months ago, isn’t supposed to close until early next year. That leaves Verizon with wiggle room to renegotiate the purchase price or even back out if it believes the security breach will harm Yahoo’s business. That could happen if users shun Yahoo or file lawsuits because they’re incensed by the theft of their personal information.

Verizon said it still doesn’t know enough about the Yahoo break-in to assess the potential consequences. “We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities,” the company said in a statement.

DELAY OF ACQUISITION?

At the very least, Verizon is going to need more time to assess what it will be getting into if it proceeds with its plans to take over Yahoo, said Scott Vernick, an attorney specializing in data security for the law firm Fox Rothschild.

“This is going to slow things down. There is going to be a lot of blood, sweat and tears shed on this” Vernick said. “A buyer needs to understand the cybersecurity strengths and weaknesses of its target these days.”

Investors evidently aren’t nervous about the Verizon deal unraveling yet. Yahoo’s stock added a penny today to close at $44.17. But the Verizon sale represents a sliver of Yahoo’s total market value, which primarily consists of a stake in Chinese e-commerce leader Alibaba Group currently worth $42 billion.

Comments (14)

By participating in online discussions you acknowledge that you have agreed to the Terms of Service. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. If your comments are inappropriate, you may be banned from posting. Report comments if you believe they do not follow our guidelines.

Having trouble with comments? Learn more here.

Leave a Reply

  • The government is pushing everything to online and electronic…medical, financial, personal…making people who use cash into pariahs and targets of “civil forfeiture seizures” and being branded “suspicious”.

    And yet they CANNOT protect citizens from this sort of mass information compromise and identity theft from state sponsored cyber enemies.

    We’re in for a fun rollercoaster ride in the next 20 years…

      • doesn’t matter. what shopoholic says is true. government is pushing everyone to go online yet cannot protect us from online threats. and if you “opt out” instead to reduce your risk of becoming a victim then you’re seen as a potential terrorist. either way you lose.

    • It’s about efficiency and cost. Granted there will ALWAYS BE issues with any type of record keeping, but would you rather go back to the stone age with paper records? If you want to use cash you can. I just find it much more secure, convenient, and financially advantageous (cashback) to use credit cards. Ordinary people aren’t targeted with “civil forfeiture seizures” or branded “suspicious”. And as “Rite80” says, Yahoo isn’t a government institution. Basically it comes down to pros vs. cons. I’m concerned with these data breaches too, but you just have to stay vigilant. There are ways to protect yourself, though nothing is foolproof. But then again, that’s always been the case.

  • “Yahoo is blaming the hack on a “state-sponsored actor.”
    Attributing breaches to “State-sponsored actors is the common excuse made lately.
    It’s supposed to convey the message that the breach was unavoidable due the sophistication of art available to governments.
    It’s a lame attempt by Yahoo at avoiding direct responsibility.

  • I’ve discussed IT security with people I deem as experts. All of them agree that it’s virtually impossible to protect IT information from “professional hackers”, such as those described as “state sponsored”. On the other hand companies, especially internet companies like Yahoo, have a greater responsibility to protect data as well as disclose breaches. I closed my Yahoo account a few years ago due to the constant hacking of my account.

    • Agreed, unauthorized access to IT information will occur.
      That Yahoo chose to store information that’s facing the net in plaintext is inexcusable.
      Depending on encryption strength a database circulating on the darkweb may not have any value at all.
      Yahoo knows this but to save money/time/bandwidth they chose the less secure option (placing other people’s stuff at risk).
      To be clear, I’d fully agree that ‘professional hackers’ were involved but the term ‘state-sponsored hackers’ is not interchangeable with ‘professional hackers’. Where state-sponsored hacking is driven by military/political & economic goals, professional hackers are primarily concerned with personal economic gain.

  • OMG! Yahoo has my lifetime’s worth of emails, public and PRIVATE on their servers! I don’t think I can delete any email trail that they provide! Ever since Marissa Mayer took the helm, they have faltered and failed in providing any sense of security! Not to mention they have to sell to Verizon. Are you hearing this Verizon!? This absolutely proves that everything and anything you submit over your device is absolutely public domain! Keep your porn on your own harddrive! Since this last CEO, EVERYTHING about Yahoo! has been downhill. Yahoo! was one of the pioneers of the internet search, now I cannot even wait to remove everything I have known from Yahoo! Choose your WEO’s wisely!

  • The problem is the private market– private investors and businesses who make the decisions on computer security–do not put enough value on security of our records. The value of Yahoo as a business has not gone down, the price of its shares went up yesterday.Ultimately, though, businesses like Yahoo do not want to spend enough on security because we do not want to pay enough for it. One way to change this in a free market economy (i.e., one not overly regulated), is with class action lawsuits that would let everyone sue these companies even if each claim is small, together the claims will make companies take notice. A few such lawsuits, then without the government stepping in, companies will spend more for security (and we will pay more for this security).

Click here to see our full coverage of the coronavirus outbreak. Submit your coronavirus news tip.

Be the first to know
Get web push notifications from Star-Advertiser when the next breaking story happens — it's FREE! You just need a supported web browser.
Subscribe for this feature

Scroll Up