The hack exposed user account information, which includes name, email address, hashed passwords, birthdays, phone numbers, and, in some cases, “encrypted or unencrypted security questions and answers,” the company said back in 2016. Yahoo did confirm that passwords were not stolen in clear text, and hackers did not obtain bank or credit card information tied to the Yahoo accounts.
In the months following the announcement, the US Department of Justice charged Russian officials for “state-sponsored” crime relating to a separate Yahoo hack in 2014, with more lawsuits approved by a US District judge in San Jose, CA potentially forthcoming.
The news today comes four months after Yahoo was acquired by Verizon Communications (under a new division named Oath) for $4.48 billion — down $350 million from the initial offer due to the severity of the hacks.
From other source;
The breach now affects a number that represents nearly "half the world," said Sam Curry, chief security officer for Boston-based firm Cybereason, though there's likely to be more accounts than actual users.
Who would want access to 1 billion Yahoo accounts?
"Whether it's one billion or three billion is largely immaterial. Assume it affects you," Curry said. "Privacy is really the victim here."Yahoo first disclosed the breach in December. The stolen information included names, email addresses, phone numbers, birthdates and security questions and answers.
Following its acquisition by Verizon in June, Yahoo says, it obtained new intelligence while investigating the breach with help from outside forensic experts. It says the stolen customer information did not include passwords in clear text, payment card data or bank account information.
Yahoo had already required users to change their passwords and invalidate security questions so they couldn't be used to hack into accounts.
Yahoo salvages Verizon deal with $350M US discount
Why Yahoo, once the darling of the internet, couldn't keep upThe disclosure is also a huge embarrassment for Verizon, which has just started running TV ads for its new subsidiary Oath, which will consist of Yahoo and AOL services.
Verizon spokesman David Samberg said the company has no regrets about buying Yahoo, despite the latest revelation.
Companies often don't know the full extent of a breach and have to revise statements about how it affects customers years later, said Ben Johnson, co-founder and chief technology officer for Obsidian Security, based in Newport Beach, Calif.. Johnson said Yahoo might never know exactly what was accessed.
Equifax now says 8,000 Canadians may have been affected by cybersecurity breach
"The fact is attackers are having field days and the problem is only going to get worse," he said.The chairman of the U.S. Senate Commerce Committee said he plans to hold a hearing later this month over the data breaches at both Yahoo and Equifax.
Senator John Thune of South Dakota said after the latest revelation he will ask witnesses from the two firms whether "new information has revealed steps they should have taken earlier, and whether there is potentially more bad news to come."
