Numbers Climb in Yahoo Breach

By Hadley Bjerke, News Writer

Earlier this month, the internet mogul Yahoo announced that information from at least five hundred million accounts had been stolen from the company in their 2014 breach. Among this news was the belief that a state-sponsored actor was responsible for the attack.

According to Yahoo, among the names, telephone numbers, and birth dates stolen, other information may have included email addresses, and possibly security questions and answers. The scale of this attack contributes to the idea that this is the largest data breach ever in terms of user accounts.

In order to narrow down who is behind the attack, the FBI has been investigating the matter but has not released any information on how the search is going. However, the FBI stated that they are taking the breach very seriously and will determine how it could have happened and by whom. Many theories have begun to circulate over the origin of the attack. One theory involves a hacker named “Peace” who tried to sell personal information of Yahoo account holders on the dark web, the black market of secret websites.

Currently, about two hundred fifty million people use Yahoo Mail while an additional eighty one million use Yahoo Finance and tens of millions use Yahoo Fantasy Sports. Yahoo began notifying those who were possibly involved in the breach early on and recommended steps to secure their accounts, such as changing their passwords and security questions. The breach may have extended to other accounts linked to users Yahoo accounts. One website under watch is Flickr, the photo-sharing service with over one hundred thirteen million users. Other sites, such as Tumblr, should not have been affected according to Yahoo.

Additionally, the breach comes in the middle of Yahoo’s transaction with media company Verizon Communications. Under the leadership of CEO Marissa Mayer, the company has had less than satisfactory growth which has led investors to push for the selling of Yahoo’s internet business. Verizon has limited knowledge of Yahoo’s breach but the deal for 4.8 billion dollars is still expected to wrap up in the first quarter of 2017.

The main concern for investors and regulators is where the ethical obligations will lie in the middle of the acquisition. Tim Erlin, senior director of IT security and risk strategy at the computer security firm Tripwire, warns that the responsibility of the company to clean up after the attack could be overlooked in the multi-billion dollar transition. Otherwise, the deal should occur as smoothly as originally promised. The loss of five percent of Yahoo’s users though, could result in a lower price for Verizon anywhere between one hundred and two hundred million dollars.

Even though most account holders only store minimal data with the company, such as email and a password, a Gartner survey reveals about half of all users reuse their passwords with multiple services. A hacker could potentially gain access to multiple accounts with the single email and password. For high level hackers, this information is stored in a dossier along with all the personal material they have discovered about the user. The dossier can then be sold to other hackers or used to extract funds from a user. Another route that is harder to track and becoming more common is using the information to earn loyalty points at airlines and hotel chains, or even coffee shops, before bundling the data and reselling it.