Yahoo finally acknowledges massive hack of user data, only informed Verizon two days ago
Though almost 500 million user accounts were effected by what Yahoo claimed was a ‘state-sponsored’ hack, the data itself was likely old with many of the accounts already disabled
The giant telecom Verizon knew it was buying damaged goods when it decided to bail out CEO Marissa Mayer by buying the company in a $4.83 billion deal. Just how damaged, though, it may not have known.
Yahoo yesterday acknowledged what was fairly common knowledge since August, that it was the victim of a massive hack, which the company called ‘state-sponsored’ though they provided no proof of that.
“A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” Bob Lord, Chief Information Security Officer at Yahoo!, told users. “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.”
“Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.”
Lucky, Bob Lord. He joined the company just last October and now he gets to announce this.
But what about Verizon? One assumes Yahoo would have wanted to keep its new owner well informed, right? Well, not right.
“Within the last two days, we were notified of Yahoo’s security incident,” Verizon told CNNMoney. “We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact.”
At this point it is probably unlikely that Verizon would bail on its deal to acquire Yahoo, though there are probably though those in the corporate suites who opposed the deal saying today “I told you so.” Whether this is enough to force a change in the terms of the deal, though, is unlikely.
“According to our study, nearly one in three Americans said it would take them several months to begin trusting a company like Yahoo again following a data breach,” said Ebba Blitz, CEO of encryption provider Alertsec. “Twenty-two percent said it would only take them a month to forgive, but 17 percent of men and 11 percent of women said their trust would be permanently lost. Men are also more likely to switch to a competitor following a data breach than are women.”
Kudos to Vice’s Motherboard, which first reported the hack on August 1, less than a week following the Verizon acquisition announcement. They noticed the sale of Yahoo user information online by a “notorious cybercriminal” named Peace, and when they contacted Yahoo the company said that they were “aware of a claim.”
At the time, the guess was that the information being sold online, which contained usernames, hashed passwords, dates of birth, and some back-up email addresses, was from 200 million accounts, far less than Yahoo admitted yesterday. The information, Motherboard said, likely was old, coming from 2012, and when they tested the data they found that it was valid, but many of the accounts were disabled or discontinued.
Again, though, Yahoo admitted that it knew of the hack before the acquisition announcement, then only told Verizon this week. The world of M&A can be ugly sometimes.
Speaking of M&A:
CNBC is reporting this morning that Twitter may receive a “formal bid” from companies wishing to acquire the online social networking service.
Google and Salesforce.com are the two likely suitors, according to a CNBC source.
The rumor has Twitter stock up over 18 percent in early trading.
Is this a valid rumor, or a stock pumping exercise? Twitter shares once traded over $70 a share (in 2014) but fell to $14 earlier this year. Sales rumors now have the stock back over $22 a share.