Yahoo Announces Biggest Hack in History

Ray Walsh

December 15, 2016

Yahoo is back in the news, this time with the revelation that one billion email accounts were breached by hackers in 2013. Amazingly, the internet giant claims that the hack appears to be separate to the attack announced in September, which involved 500 million accounts. In a blog post on the subject, Yahoo’s head of security Bob Lord commented,

“We believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. We have not been able to identify the intrusion associated with this theft.”

According to Yahoo, the hackers made off with names, phone numbers, passwords, and email addresses. Lord also explained in the official message that Yahoo’s proprietary code that could “allow an intruder to access users’ accounts without a password” was also stolen. The news is yet another dent to Yahoo’s already tarnished reputation, and one that must have Verizon seriously enraged.

The Yahoo-Verizon Deal

In July it was announced that Verizon would be buying Yahoo for $4.8 billion. Two months later, Yahoo was forced to admit that not only had 500 million of its email accounts been breached, but that the firm itself had been helping the NSA to hack all their users (by providing a back door in secret).

The firm claimed that the NSA was simply investigating the aforementioned hack from the year 2014. However, this revelation itself proved that Yahoo knew about the hack long before it had entered into negotiations with communication giant Verizon.

In October, the revelation that Yahoo had known since way back in 2014 that a state-sponsored hacker was penetrating its systems suddenly threw the deal into chaos. Unbelievably, Verizon only found out about the hack two days before it was publicly disclosed to the world.

After the disclosure, Verizon launched an in-depth investigation and announced in late October that it would decide a new price by November. Rumors circulated that Verizon would be seeking to get at least a $1 billion discount on the price of the acquisition. Two months later, confirmation of the Verizon deal (and what discount they may desire) is still awaited.

The latest revelation – that there was an even bigger hack back in 2013 – when added to the 2014 hack and Yahoo’s admission that it helped the NSA, is surely another blow to the deal.


Jump the Sinking Ship

Another interesting part of the story, which reveals serious internal problems at Yahoo, is the revelation that ex-Chief Information Security Officer, Alex Stamos, left because he was unhappy with secretly helping the NSA.

Stamos, who is now ISO at Facebook, allegedly refused to be part of the intrusive NSA investigation. That decision was apparently made by Yahoo CEO, Marissa Mayer, who decided that the firm should help the NSA to investigate the hacks into Yahoo email accounts (for national security reasons).

Alex Stamos clearly saw the moral implications of a) Not announcing to the world that the firm knew it had been penetrated to such a high degree, and b) Secretly complying with the NSA’s wish to further penetrate user email accounts. Those actions forced him to quit his position at Yahoo in favor of Facebook, in order to avoid his name and reputation as an ISO being seriously tarnished. A wise move indeed.

What Should Yahoo Users Do?

As is always the case when these types of hacks are revealed, anybody with a Yahoo account must change their password to be absolutely certain that their account can’t still be accessed.

In addition, if you are one of those people who signs up to different social media and email accounts using the same password, then you are advised to change those too. Why? Because hackers often sell stolen data on the dark web. In August, for example, it was reported that 200 million Yahoo user credentials were being sold on the dark web.

Due to the fact that names, email addresses, and passwords were stolen from Yahoo, anyone who uses the same password for Twitter, Facebook, or any other accounts as they do for Yahoo, is strongly advised to change those passwords to stop their other accounts being penetrated.

Strong Distinct Passwords

This is why you are advised to use different passwords for each account that you own. In addition, those passwords should be strong – and strong passwords are immensely hard to remember. With that in mind, you are advised to consider using a password manager app like KeePass.

Another option is to write your passwords on the page of a book that is kept on your bookshelf. That way you can simply get the book out and look at the passwords whenever you need to. If that doesn’t seem safe, remember that hackers work from afar and attack you via the internet. As such, they won’t be able to physically go to your bookshelf and get at those passwords (whereas they can crack a weak password). For people who fear a partner, family member or housemate might impinge on their privacy, however, a password manager like KeePass remains a solid option.

With that said, considering that this is the third mass-hacking revelation from Yahoo since August, it may be a good idea to simply say goodbye to Yahoo for good. For people who are fed up with Yahoo (and you should be), please go ahead and take a look at our How To Delete Yahoo Permanently guide for more information.


Yahoo’s Bleak Future

For now it remains to be seen whether this latest hack – the biggest single hack in history – will further affect the Verizon acquisition deal. One would presume that Verizon will be expecting at least a 20% discount from the originally agreed price of $4.8 billion. As I said back in September, however, I would not be surprised if the deal fell through altogether.

Under the circumstances, after failure upon failure to properly disclose to its users these serious security breaches, it is my opinion that you would have to be crazy not to permanently delete your Yahoo account. As such, if I were Verizon, I would run a mile. The purple palace’s roof is burning – let the motherf$£&r burn.

All opinions are the writer’s own.

Ray Walsh

I am a freelance journalist and blogger from England. I am highly interested in politics and in particular the subject of IR. I am an advocate for freedom of speech, equality, and personal privacy. On a more personal level I like to stay active, love snowboarding, swimming and cycling, enjoy seafood, and love to listen to trap music.

5 responses to “Yahoo Announces Biggest Hack in History”

  1. hello,
    there is something i do not understand ; could you please explain it to me ?
    – is someone hacking stealing selling my password my account my data ; why is it not possible to be paid for that by an agreement a trial ?
    i read that a famous person earned a lot of money for the same fact (account hacked etc.).
    – in short , Where is the option for the compensation ?
    – is it the reason why the nsa or a big company (yahoo e.g.) wins always : they do not pay that they take betraying the confidence the chain of trust ?
    thx for your nice article.

    1. Hi Leo,

      Ray says,

      “Yahoo is a free service that you chose to subscribe to. Sadly, this means that your chances of seeking compensation are slim to none. However, you could get a lawyer and attempt to seek damages. The option, of course, is yours. Of course, we agree that it is a shame that firms like Yahoo get away with keeping hacks a secret for years at a time; that may indeed stand in your favor if you did decide to take them to court.”

      1. I didn’t “choose” Yahoo e-mail; AT&T “chose” it for me; they foisted it on me, when I signed up for their high-speed Internet. And their mail support pages further make it seem like Yahoo Mail is the only option available to us.
        I should think that, unless AT&T clearly identified the real choices its customers had at their disposal, there might be an avenue for recovery of damages.
        I’d really be interested in Mr. Walsh’s thoughts on this.

        1. Hi Ron,

          Yes, it is a shame (almost criminal, really) that ISPs don’t make it clearer that email services are an open market, and that you are free to use whichever one you want. I have forwarded your comments to Ray.

        2. Hi Ron, as mentioned in my reply to Leo, seeking compensation is something that you will need to proceed with independently. I have no personal experience with AT&T and, as such, I have no personal knowledge about why they forced Yahoo on you. The fact that they did could open up an avenue for compensation.

          However, I find it highly unlikely that AT&T made themselves liable during the process of advertising Yahoo to you. I suspect that if you look closely at any information they gave you at the time, they likely specified that you would be subject to the third party’s licensing agreement on a separate and unconnected basis. I admit, however, that this is guesswork on my part.

          The first thing that you should do is write a strongly worded paper letter to both Yahoo and AT&T expressing your concerns that Yahoo failed to disclose its loss of your personal data for so long. Add that it is your understanding that your email account was also given access to a third party (namely the NSA) without your express knowledge or permission.

          With AT&T express your anger that they chose Yahoo for you and that Yahoo has now been proven to be a liability. In both cases say you would like (as a valued customer) to be given compensation for the loss of your privacy. Once you get a reply, I suspect that taking matters further will require you to seek legal advice.

          It is probable that Yahoo will be getting fines for what has occurred. In the UK the British information commissioner has launched an investigation and Yahoo could receive fines of half a million pounds if it is decided that Yahoo failed to adequately protect their customers’ information. Sadly, those fines will not make it back into the pockets of the consumers that were stung by Yahoo’s behavior. As is always the case, the government will profit, but the little man will largely have to grin and bear it.
