In 2013, Yahoo revealed a massive security breach. Over the course of three attacks, Yahoo originally reported that information for one billion users was compromised. It took them until December of last year to come up with that figure. Now it is being revealed that the number of accounts actually hacked was three billion, triple their original estimate.
It is baffling that they could have spent three years investigating and somehow didn’t notice this. It took “recently obtained new intelligence” to realize that every single one of their accounts were compromised. Perhaps they weren’t looking that hard.
Bloomberg reports that Yahoo now says 3B users impacted in 2013 hack. Prev said 1B. again, assume you’re compromised
— briankrebs (@briankrebs) October 3, 2017
In August Judge Lucy Koch decided that Yahoo would face the litigation filed by over one billion users who had been affected by the breaches. Regarding this new information John Yanchunis, a lawyer that represents some of the plaintiffs said;
“Judge Koh had asked us to provide additional facts to support what we knew about the 2013 breach. I think we have those facts now.”
The “additional facts” may have been uncovered due to the fact that Yahoo was acquired by Verizon in June. They were able to focus more resources on the hack. Reports say that Yahoo, Verizon, cybersecurity firms, and law enforcement were all involved with the newest investigation.
— Bloomberg (@business) October 3, 2017
Verizon paid $4.5 billion for Yahoo, approximately $250 million less than the original offer because of the hacks. Chandra McMahon, Chief Information Security Officer of Verizon issued a statement that read;
“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats. Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”
Whether this merger will actually improve Yahoo’s security remains to be seen. So far all they have accomplished is discovering more problems.