The infamous pair of Yahoo hacks have cause Verizon to start renegotiating the Yahoo purchase, and the data from those hacks has sold for nearly $1 million.
The first of the Yahoo attacks to be revealed to the public actually occurred second chronologically. At least 500 million accounts were hacked in a September penetration of Yahoo’s cybersecurity. At the time, it was the largest known corporate hack to date.
However, Yahoo discovered that in 2013, over a billion user accounts were compromised. Yahoo now holds both hack records, and investor confidence reflects that.
According to Fortune, “Shares of the Sunnyvale, California-based internet pioneer fell more than 6% after it announced the breach of data belonging to more than 1 billion users late on Wednesday, following another large hack reported in September.”
CNN reports that the hack was very profitable for the party responsible. “At the time, it was sold to three parties for $300,000 each. Data is still for sale, but now that the breach is public, the price is expected to drop.”
Despite the fact Yahoo is now aware of the hacks, they seem to be trailing behind in determining who and how the breaches took place. A cybersecurity firm called InfoArmor claims to have identified the group responsible for the larger hack, Group E. They are a group of cybercriminals based primarily out of Eastern Europe.
InfoArmor also believes they have identified two of the groups sold to as spammers, and believe there is high potential that some of the data was also sold to a state-sponsored party or an intelligence agency. The latter claim is based on the type of information requested, specifically on high-level financial executives and government workers.
The recent disclosure of the hacking disasters has left Yahoo in the lurch when it comes to a Verizon deal where Verizon intended to purchase Yahoo’s core internet business for approximately $4.8 billion, a deal Verizon is intently working on renegotiating in light of these security breaches.
The potential for significant damages, both through lawsuit and otherwise, may reduce the value of the internet giant significantly. In addition to the hack of normal users, Time reports that “victims included more than 150,000 federal workers, including FBI, CIA, NSA employees and former diplomats.” The FBI has reported that they are looking into the issue as well. New York’s State Attorney General also plans to claim a piece of the action.
Financial analysts are still confident Verizon wants to go through with the deal. Yahoo’s various platforms are likely to synergize well with Verizon’s AOL property, and despite the security risks, the opportunity to reduce the asking price for Yahoo’s still lucrative property may be worth the risk of additional hack attempts.
Yahoo claims only about 200 million or so accounts are currently in regular use, but the danger from the hack lies not just for the active users, but also those in the past. Most people tend to reuse passwords, identifying questions, and other such common security measures on multiple websites, including those for banking and work. This makes a hack much more likely and much easier.
Another danger is that users may not remember they even have or had a Yahoo account.
Getting access to identifier questions can lead not only to a hack of financial data or theft of money but also to hard identity aspects, such as a social security number. This sort of hack can also lead to more subtle dangers, such as access to private data, allowing an individual to be spied on. That individual’s security proves porous when the key is in the hands of hackers or those who have purchased the key.
So what do you think about the massive hack and security breach for Yahoo? Tell us your thoughts in the comments section below!
[Featured Image by Ethan Miller/Getty Images]