EPIC SCREW UP AT YAHOO THREE TIMES WORSE THAN REPORTED
Remember way back when last December when the news broke that the Yahoo hack was an astounding 1 Billion users whose data was compromised? As shocking as that was, the reality is actually far, far worse. All Yahoo accounts were compromised back in 2013, which means that the hard to believe number of one billion users was actually three billion users. You read that right. Three billion yahoo accounts were compromised in a hack back in 2013 that took three years to come to light. Well, a third of the hack came to light, until this week tripled the scale.
IT TAKES FOUR YEARS TO LEARN OF LARGEST HACK EVER, AFFECTING 40% OF HUMANITY
On Tuesday the company confirmed every account was affected. It’s not yet clear how it is that they under-reported this by 2 billion users, almost four years after the breach occurred. Again, the breach took place back in 2013 but wasn’t discovered for three years. Now a year after that, we know that the breach encompassed every single Yahoo account. Oops. The hack was tracked to nation-state black hats.
REAL SCALE OF BREACH REVEALED IN TAKOVER INVESTIGATION BY VERIZON
Verizon closed its acquisition of Yahoo this year, after demanding a discount based on the security failure, and merged it with AOL to create a new company, Oath. “Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all user accounts were affected by the August 2013 theft,” they said in a disclosure filed with the SEC. “The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information.”
HACKERS GOT IN, HAD A PARTY, PARENTS NOT HOME FOR THREE YEARS, All YAHOO ACCOUNTS AFFECTED
Yahoo suffered multiple intrusions into its network, losing email addresses, weakly-hashed passwords, and other personal information. Attackers accessed Yahoo’s internal code, enabling them to forge cookies to access certain targets’ email accounts and to place fraudulent links in their search results.
Yahoo required the previous 1 billion users thought to be affected to change their passwords and security questions. These changes will also be required of the 2 billion people now known to be included in the breach. Because, all yahoo accounts were affected.
In March, the Justice Department announced criminal charges against several men affiliated with Russian intelligence for the hack.