Security Market Segment LS
Wednesday, 04 October 2017 09:03

Verizon says all 3b Yahoo! accounts breached in Dec 2013


US multinational telecommunications conglomerate Verizon has announced that all three billion accounts which Yahoo! had in December 2013, were affected by a data breach in 2013.

Verizon completed its acquisition of Yahoo! in June this year.

Yahoo! had said in December last year that a billion accounts were compromised in this particular breach, one of three that it disclosed in 2016 and 2017.

The company made two disclosures last year — one in September and one in December — of massive data breaches. A third, in February 2017, did not specify how many accounts were involved.

The leak disclosed in September involved about 500 million user credentials and took place in late 2014. The December disclosure was said to concern account details of a billion users and occurred in August 2013.

In a filing with the Securities and Exchange Commission on Tuesday, Verizon said: "Subsequent to Yahoo!’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft."

The company said that while this was not a new security issue, Yahoo! was sending email notifications to the additional affected user accounts.

"The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. The company is continuing to work closely with law enforcement," it said.

“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” said Chandra McMahon, chief information security officer.

"Our investment in Yahoo! is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources."

Update, 5 October: David Kennerley, director of threat research at security firm Webroot, said it was incredible that three billion accounts were affected, but probably not a real surprise. 

"The hackers had pretty much free reign over Yahoo! systems for a good while – with the breach only being initially disclosed by the company in late 2016," he said. 

Kennerley said the stolen data was a potent package for identify theft. "The fact that the accounts were compromised for so long means that most of the damage would have already been done before the breach was even discovered. I’d hope that the disclosure in 2016 led people to change their passwords, if that’s not the case – act now!" 

He said there were wider ramifications to the disclosure. "The reality of the news, coupled with the ongoing security failings at Equifax and many others, means we now without doubt have to accept that a good number of once trusted companies cannot keep our private data secure.

"It’s now essential that consumers become more proactive and improve their own security hygiene. A few examples include, using different passwords for each online profile, always checking the authenticity of any emails received, keeping an eye on all online accounts for suspicious activity and, as importantly, keeping up-to-date on the latest breach disclosures – it’s not if, it’s when!"


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments