This site may earn affiliate commissions from the links on this page. Terms of use.

Yahoo logo

Update: That didn't take long. Sources accept told Bloomberg that Verizon is exploring either paying significantly less for Yahoo or walking away from the deal entirely. Verizon is reportedly seeking a manner to ensure that whatsoever future legal liability or disclosures autumn solely on Yahoo in the result that Verizon acquires it. Bloomberg also reports that up to 150,000 government accounts were also afflicted. Original story beneath:

Well, this is simply smashing. Earlier this year, Yahoo announced that it had suffered i of the largest hacks in history, with up to 500 million user accounts affected. Now, the company has come clean about an even bigger hack that happened a yr earlier and exposed sensitive data on approximately one billion accounts. The about surprising matter well-nigh this, of course, is that 1 billion people had Yahoo accounts to kickoff with.

Here's where things take a farther detour into the ridiculous. In September 2016 we plant out about a series of hacks that hit Yahoo back in 2014. Now, at the tail end of the year, nosotros're hearing that an even larger assault in 2013 non only captured more information, it captured vastly more sensitive data including plaintext security answers to identity questions. Yahoo is now requiring everyone to alter their security passwords and is invalidating all of its old questions, but this isn't merely a example of locking the barn after the horse has escaped — the horse has already died of sometime historic period.

Marissa-Mayer

Yahoo CEO Marissa Mayer

Yahoo apparently just plant prove of these attacks after analyzing log files provided to it past police enforcement. Said files came from a third political party who claimed they held information on Yahoo, which means the company didn't even find this independently — information technology had to be handed the show others had gathered. Verizon is yet expected to purchase Yahoo, just the company talked publicly well-nigh potentially seeking a lower price in the wake of the earlier hack, and now Yahoo has a trouble literally twice as big on its hands. This fourth dimension, the hack actually involved personal information and could be easily mined for additional information on how users tend to select passwords.

Hacks and security breaches are far more useful to black hats than merely a list of passwords and logins. By creating dictionaries based on passwords people really employ, black hats can accelerate how quickly and effectively they are able to alienation time to come accounts. In theory, users should create a dissimilar login and password for every site, but very few people do so. Most of united states utilize a handful of passwords, at best, or a single common countersign that's rotated out over time. Meanwhile, Yahoo took a short view on security for several years, possibly out of fright of losing users, peradventure because the company had ideas for monetizing mass surveillance in means the quondam East German Stasi would've envied.

Merely more than than anything, this just highlights how little lodge — or businesses — intendance about online security. Breaches are treated as non-events, even when critical information is exposed, and fifty-fifty when that data could exist used to target individuals for theft. If you have access to someone'south email, you lot may well accept admission to information almost their ongoing medical intendance, their bank accounts, billing statements, or other personally identifiable information. To coin an analogy: If the USPS announced that it had lost over a billion pieces of physical post, people would be up in artillery about it — but a hack of sensitive user information that may take exposed tens or hundreds of billions of pieces of post (depending on which information was stolen and how it was used) stirs scarcely a ripple.

If yous've still got a Yahoo account, it's probably fourth dimension to dump it. Use Outlook.com, or Gmail, or any other 3rd-party provider yous like, but don't keep using a visitor that plainly cares then trivial for your own privacy and security — unless, of form, you lot don't intendance either.