Search engine company Yahoo Inc. confirmed yesterday that it had uncovered another major cyber-attack, revealing that data from over one billion user accounts was compromised in August 2013. The company came across the breach while reviewing data it was provided to by law enforcement.
To date, this is the largest confirmed data breach in history.
Reuters noted that the number of accounts affected by the August 2013 cyberattack was double the number of that during the previously reported 2014 breach that Yahoo disclosed in September. The company had blamed the first attack on hackers working on behalf of a government. The attack caused Verizon Communication—set to acquire Yahoo’s core internet business for US$4.83 billion—to withdraw from the deal in October.
In response to the latest breach reveal, Verizon said that it would “review the impact of this new development before reaching any final conclusions.”
A spokesperson for Yahoo told
Reuters that the company has been in communication with Verizon during its investigation into the breach. The representative also said that Yahoo is confident that the incident will not affect the planned acquisition.
To address the breach, Yahoo required all of its customers to reset their passwords. Previously, following the discovery of the first breach, the company had only recommended a password reset.
Yahoo also said on Wednesday that it suspects hackers involved in the previous attack managed to access the company’s proprietary code to learn how to forge cookies, thus allowing the hackers to access accounts without a password.
“Yahoo badly screwed up,” said cryptologist and security expert Bruce Schneier. “They weren’t taking security seriously and that’s now very clear. I would have trouble trusting Yahoo going forward.”
Related Stories:
Hacks on SMBs could be targeting big companies
US Attorney’s office announces creation of cybercrime unit
