According to a report by Yahoo, over 1 billion email accounts were possibly hacked in an attack that took place in 2013. The tech giant stated that this particular attack was separate from the 2014 incident disclosed in September, where it was said that 500 million of Yahoo’s users had been illegally accessed.
In the hack, user details such as names, passwords, and email addresses were stolen. Bank payment data was however safe. The company, which about to switch hands to Verizon, said it wa working closely with appropriate authorities to look into the hacking.
Yahoo said it believes there was a third party that illegally accessed and stole data belonging to over 1 billion users.
“This breach breach is distinct from the 2014 attack. However, it was disclosed as authorities were looking into a 2014 hack,” said Yahoo. Yahoo users were advised to change their passwords as well as security questions.
The company, which is based in California, has more than 1 billion users per month, although some of those are duplicate accounts. Among those are also accounts that are dormant.
Troy Hunt, who is a cyber-security said to BBC: “This would be the largest cyber-attack we have ever encountered. As a matter of fact, the 500 million hacked account reported earlier would have been the largest and seeing this number double is shocking.”
Yahoo disclosed that there is a possibility of the breach having been sponsored by the state, just like with previous attacks. Prof Peter Sommer of Birmingham City UNiversity said to BBC there was a serious probable that the state sponsored the the hack.
“But what would the government be doing a billion email account details of ordinary people? This is the problem I have,” he said.
In September Yahoo said the 2014 breach, according to information it had, was carried out by a state-sponsored actor. There was, however no disclosure about what country carried out the attack.
Should users lose faith in Yahoo, Verizon won’t find much value in it. Verizon said it would look into the situation to see what steps to take next. Verizon reduced Yahoo’s valuation by 1 billion because of the 2014 incident.
Mr Hunt said that Verizon allegedly cut its valuation of Yahoo by $1bn – almost 20% of the original bid’s value – after the news emerged of the 2014 attack.
The new revelations will further impact the valuation. This is not just about how large the breach is, but also about the pattern of insecurity this shows.