Yahoo believes that a state-sponsored actor conducted a theft that appeared to be the world's biggest known cyber breach by far resulting in hacking of at least 500 million of its accounts in 2014, the company said.
The company said that names, email addresses, telephone numbers, dates of birth and encrypted passwords of users have been stolen by the cyber thieves. But signaling that some of the most valuable user data was not taken, Yahoo said that unprotected passwords, payment card data and bank account information did not appear to have been compromised.
Noting more than triple other large attacks on sites such as eBay Inc, the attack on Yahoo comes to light at a difficult time for Yahoo and was unprecedented in size.
The company in July agreed to a $4.83 billion cash sale of its internet business to Verizon Communications Inc. as the Chief Executive Officer Marissa Mayer is under pressure to shore up the flagging fortunes of the site founded in 1994.
"This is the biggest data breach ever," said well-known cryptologist Bruce Schneier, but sicne many questions remain, including the identity of the state-sponsored hackers behind it, the impact on Yahoo and its users remained unclear, Schneier added.
It was only after August reports of a separate breach that Yahoo discovered the incursion although the attack happened in 2014. According to a person familiar with the matter, Yahoo's investigation turned up the 2014 theft even as that report turned out to be false.
The breach could call for a price decrease of $100 million to $200 million, depending on how many users leave Yahoo but was not enough to prompt Verizon to abandon its deal with Yahoo, said Analyst Robert Peck of SunTrust Robinson Humphrey.
The "material adverse change" clause common in mergers allowing a buyer to walk away if its target's value deteriorates could include Yahoo's breach, said Steven Caponi, an attorney at K&L Gates with a practice including merger litigation.
"That would give Verizon the opportunity to renegotiate the terms or potentially walk away from the transaction if it is a material change. Whether it is a material change will depend in large part on what kind of information was compromised," Caponi said.
Still, material changes rarely results in mergers to falling apart. Verizon said in a statement that had limited information about the matter as it was made aware of the breach within the last two days.
"We will evaluate as the investigation continues through the lens of overall Verizon interests," the company said.
While shares of Verizon, were up about 1 percent, shares of Yahoo stock closed a penny higher at $44.15.
Dan Kaminsky, a well-known internet security expert said that the Yahoo breach could be a watershed event that prompts government and businesses to put more effort into bolstering defenses as it follows a rising number of other large-scale data attacks.
"Five hundred of the Fortune 500 have been hacked. If anything has changed, it's that these attacks are getting publicly disclosed," he said.
(Source:www.reuters.com)
The company said that names, email addresses, telephone numbers, dates of birth and encrypted passwords of users have been stolen by the cyber thieves. But signaling that some of the most valuable user data was not taken, Yahoo said that unprotected passwords, payment card data and bank account information did not appear to have been compromised.
Noting more than triple other large attacks on sites such as eBay Inc, the attack on Yahoo comes to light at a difficult time for Yahoo and was unprecedented in size.
The company in July agreed to a $4.83 billion cash sale of its internet business to Verizon Communications Inc. as the Chief Executive Officer Marissa Mayer is under pressure to shore up the flagging fortunes of the site founded in 1994.
"This is the biggest data breach ever," said well-known cryptologist Bruce Schneier, but sicne many questions remain, including the identity of the state-sponsored hackers behind it, the impact on Yahoo and its users remained unclear, Schneier added.
It was only after August reports of a separate breach that Yahoo discovered the incursion although the attack happened in 2014. According to a person familiar with the matter, Yahoo's investigation turned up the 2014 theft even as that report turned out to be false.
The breach could call for a price decrease of $100 million to $200 million, depending on how many users leave Yahoo but was not enough to prompt Verizon to abandon its deal with Yahoo, said Analyst Robert Peck of SunTrust Robinson Humphrey.
The "material adverse change" clause common in mergers allowing a buyer to walk away if its target's value deteriorates could include Yahoo's breach, said Steven Caponi, an attorney at K&L Gates with a practice including merger litigation.
"That would give Verizon the opportunity to renegotiate the terms or potentially walk away from the transaction if it is a material change. Whether it is a material change will depend in large part on what kind of information was compromised," Caponi said.
Still, material changes rarely results in mergers to falling apart. Verizon said in a statement that had limited information about the matter as it was made aware of the breach within the last two days.
"We will evaluate as the investigation continues through the lens of overall Verizon interests," the company said.
While shares of Verizon, were up about 1 percent, shares of Yahoo stock closed a penny higher at $44.15.
Dan Kaminsky, a well-known internet security expert said that the Yahoo breach could be a watershed event that prompts government and businesses to put more effort into bolstering defenses as it follows a rising number of other large-scale data attacks.
"Five hundred of the Fortune 500 have been hacked. If anything has changed, it's that these attacks are getting publicly disclosed," he said.
(Source:www.reuters.com)