Yahoo says 1 billion user accounts hacked

Yahoo said Wednesday that more than 1 billion user accounts – meaning most of the Internet giant’s customers worldwide – were hacked in 2013, leading to the release of user names, telephone numbers, dates of birth and other personal information.

News of the hack, coming after the announcement in September of a separate hack affecting 500 million accounts, means that Yahoo has been the victim of the two largest data breaches ever reported. Both have been announced since Yahoo agreed to sell its core businesses to telecommunications giant Verizon in July for $4.8 billion.

The incident raised new questions among analysts regarding the viability of that deal and whether the valuation will need to be changed, especially if the hacks trigger litigation against the company.

“This is another major blow,” said Jeff Kagan, a Georgia-based telecommunications industry analyst. “It throws into question what’s really going on at Yahoo. And if you don’t really know what’s going on at Yahoo, does Verizon have the guts to buy a potential bomb? This company could explode with major problems and major losses.”

In the 2013 incident, Yahoo said that credit card and bank account numbers, which are stored separately, were not affected, but the breach did include some unencrypted “security questions” that the company uses to authenticate users.

Yahoo also reported a separate incident Wednesday in which hackers used what the company called “forged cookies” to gain access to some accounts, though it did not give the number. That incident, the company said, appeared to have links to the one announced in September involving “state-sponsored” attackers. Law enforcement officials said that breach, which happened in 2014, was probably the work of Russian hackers, though no final conclusion has been reached.

To minimize the damage, Yahoo is alerting affected customers and requiring them to change their passwords. But the scale of the hack and the time that has passed since it happened suggests that few of the company’s customers were unaffected. Given the size of the two hacks, many Yahoo users are likely to have had their information stolen more than once.

Yahoo has said it has more than 1 billion users worldwide, though the company’s fortunes have been sagging for years as other tech companies have snatched away pieces of its search, email and other Web-based businesses.

Yahoo encourages users to review all of their online accounts for suspicious activity and to change their passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account,” the company said in a statement. “The company further recommends that users avoid clicking links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information.”

Regarding the deal with Verizon, Yahoo said in a statement, “We are confident in Yahoo’s value and we continue to work towards integration with Verizon.”

Verizon spokesman Bob Varettoni said: “As we’ve said all along, we will evaluate the situation as Yahoo continues its investigation. We will review the impact of this new development before reaching any final conclusions.”

Security experts have long complained that Yahoo lagged behind the industry in adopting measures to protect its customers. The breach that Yahoo announced Wednesday was discovered after law enforcement officials shared with the company a data set that “a third party” claimed was from Yahoo user accounts.

The company, in conjunction with outside experts, verified that it was data stolen in August 2013, the company said in a statement.

The news caused a late dip in Yahoo’s stock price, sending it down as much as 2.7 percent in after-hours trading.

“The fact that we now have two breaches implies that Yahoo security measures were inadequate. So it is more likely there will be future breaches uncovered,” said Laura Martin, senior analyst at Needham & Co. “It sounds to me like they never knew about any of these breaches, which means they never fixed the problem. That implies that the assets are actually less valuable than we thought.”

The Washington Post’s Ellen Nakashima contributed to this report.

Local News

Jennifer Vaughan Ansley Real Estate, Christie’s International sponsors 2025 Heart and Soul Gala

Local News

CGTC EAGLE delegate named regional finalist

Local News

Second Harvest February food distribution Feb. 15

Local News

GWM 4th Annual Writers Retreat next month

Local News

TONI SAYS: The difference between long- and short-term care plans

Local News

BBB: How to recognize phony debt collection calls and texts 

Local News

Monthly real estate market update for Lake Oconee area – January 2025

Columns

Columns

ON THE MARKET: Complacency

Local News

Putnam native, aspiring Broadway director takes on first with ‘The Color Purple’ production

Local News

Rotary Week 51 raffle winner

Local News

Rotary Week 50 raffle winner

Local News

Piedmont Athens Regional Beautiful You Boutique receives reaccreditation

Local News

Greene Chamber of Commerce welcomes Jessi Lynch

Local News

Outdoor Innovations of Georgia joins as sponsor for the 2025 Heart and Soul Gala

Local News

BBB offers tips on choosing a tax preparer

News

Rotary Club announces Greene County STAR student

Local News

Rotary Week 49 raffle winner

Local News

Rotary Week 48 raffle

Local News

Rotary Club honors January 2025 Students-of-the-Month

Columns

PATHWAYS TO HEALING: Brain health

Local News

PAPA announces ‘On Golden Pond’ auditions

Local News

Our Father’s Kitchen: Serving the Community with Love and Nourishment every Saturday

Local News

OPAS celebrates thrilling fall season and announces exciting Mardi Gras event