Yahoo is back in the news, this time with the revelation that one billion email accounts were breached by hackers in 2013. Amazingly, the internet giant claims that the hack appears to be separate to the attack announced in September, which involved 500 million accounts. In a blog post on the subject, Yahoo’s head of security Bob Lord commented,
“We believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. We have not been able to identify the intrusion associated with this theft.”
According to Yahoo, the hackers made off with names, phone numbers, passwords, and email addresses. Lord also explained in the official message that Yahoo’s proprietary code that could “allow an intruder to access users’ accounts without a password” was also stolen. The news is yet another dent to Yahoo’s already tarnished reputation, and one that must have Verizon seriously enraged.
The Yahoo-Verizon Deal
In July it was announced that Verizon would be buying Yahoo for $4.8 billion. Two months later, Yahoo was forced to admit that not only had 500 million of its email accounts been breached, but that the firm itself had been helping the NSA to hack all their users (by providing a back door in secret).
The firm claimed that the NSA was simply investigating the aforementioned hack from the year 2014. However, this revelation itself proved that Yahoo knew about the hack long before it had entered into negotiations with communication giant Verizon.
In October, the revelation that Yahoo had known since way back in 2014 that a state-sponsored hacker was penetrating its systems suddenly threw the deal into chaos. Unbelievably, Verizon only found out about the hack two days before it was publicly disclosed to the world.
After the disclosure, Verizon launched an in-depth investigation and announced in late October that it would decide a new price by November. Rumors circulated that Verizon would be seeking to get at least a $1 billion discount on the price of the acquisition. Two months later, confirmation of the Verizon deal (and what discount they may desire) is still awaited.
The latest revelation – that there was an even bigger hack back in 2013 – when added to the 2014 hack and Yahoo’s admission that it helped the NSA, is surely another blow to the deal.
Jump the Sinking Ship
Another interesting part of the story, which reveals serious internal problems at Yahoo, is the revelation that ex-Chief Information Security Officer, Alex Stamos, left because he was unhappy with secretly helping the NSA.
Stamos, who is now ISO at Facebook, allegedly refused to be part of the intrusive NSA investigation. That decision was apparently made by Yahoo CEO, Marissa Mayer, who decided that the firm should help the NSA to investigate the hacks into Yahoo email accounts (for national security reasons).
Alex Stamos clearly saw the moral implications of a) not announcing to the world that the firm knew it had been penetrated to such a high degree, and b) secretly complying with the NSA’s wish to further penetrate user email accounts. Those actions forced him to quit his position at Yahoo in favor of Facebook, in order to avoid his name and reputation as an ISO being seriously tarnished. A wise move indeed.
What Should Yahoo Users Do?
As is always the case when these types of hacks are revealed, anybody with a Yahoo account must change their password to be absolutely certain that their account can’t still be accessed.
In addition, if you are one of those people who signs up to different social media and email accounts using the same password, then you are advised to change those too. Why? Because hackers often sell stolen data on the dark web. In August, for example, it was reported that 200 million Yahoo user credentials were being sold on the dark web.
Because names, email addresses, and passwords were stolen from Yahoo, anyone who uses the same password for Twitter, Facebook, or any other account as they do for Yahoo is strongly advised to change those passwords to stop their other accounts being penetrated.
Strong Distinct Passwords
This is why you are advised to use different passwords for each account that you own. In addition, those passwords should be strong – and strong passwords are immensely hard to remember. With that in mind, you are advised to consider using a password manager app like KeePass.
Another option is to write your passwords on the page of a book that is kept on your bookshelf. That way you can simply get the book out and look at the passwords whenever you need to. If that doesn’t seem safe, remember that hackers work from afar and attack you via the internet. As such, they won’t be able to physically go to your bookshelf and get at those passwords (whereas they can crack a weak password). For people who fear a partner, family member or housemate might impinge on their privacy, however, a password manager like KeePass remains a solid option.
With that said, considering that this is the third mass-hacking revelation from Yahoo since August, it may be a good idea to simply say goodbye to Yahoo for good. For people who are fed up with Yahoo (and you should be), please go ahead and take a look at our How To Delete Yahoo Permanently guide for more information.
Yahoo’s Bleak Future
For now it remains to be seen whether this latest hack – the biggest single hack in history – will further affect the Verizon acquisition deal. One would presume that Verizon will be expecting at least a 20% discount from the originally agreed price of $4.8 billion. As I said back in September, however, I would not be surprised if the deal fell through altogether.
Under the circumstances, after failure upon failure to properly disclose to its users these serious security breaches, it is my opinion that you would have to be crazy not to permanently delete your Yahoo account. As such, if I were Verizon, I would run a mile. The purple palace’s roof is burning – let the motherf$£&r burn.
All opinions are the writer’s own.