You may have heard about the 2013 Yahoo hacking incident that made headlines just last year, but what you probably didn’t know was that there’s more to it than what Yahoo told its users.
It should be remembered that December last year, Yahoo disclosed a security breach that it said to affect one billion user accounts.
The said breach dated back to 2013 and was announced by the company three months after a separate hacking incident occurred in September 2016. However, the 2013 Yahoo hacking incident affected not one billion, contrary to what the company initially said, but over three billion accounts!
At the time, the Yahoo hacking incident was dubbed by security analysts as the biggest known breach of a company’s computer network. Now, it appears to be even bigger.
The hackers were able to obtain names, birth dates, phone numbers, and passwords of Yahoo users. Also, it was found that the passwords were protected with security that was easy to crack.#YahooHackingIncident from 2013 affected not just 1, but over 3 billion users!Click To Tweet
Let us emphasize the last part:
“PROTECTED WITH SECURITY THAT WAS EASY TO CRACK.”
If that’s not enough to make you switch to other webmail platforms, maybe the following would.
The data thieves were also able to obtain security questions and backup email addresses that billions of Yahoo users used to reset passwords. If that’s not the worst that could happen when being hacked, who knows what is!
Uncovering Details of the 2013 Yahoo Hacking Incident
In June this year, Verizon acquired Yahoo for a whopping $4.48 USD billion. The amount was said to be $350 USD million less than the original offer due to the disclosure of the breaches. Combined with AOL that was bought by Verizon in 2015, they formed the new division of the company known as Oath.
Following the discovery of the 2013 Yahoo hacking incident, Yahoo in 2016 said that they took the necessary action to protect all user accounts. This includes notifying affected users that were identified that time, requiring users to change their passwords, and invalidating unencrypted security questions and answers so the hackers won’t be able to use them to access stolen accounts.
Upon acquisition of Yahoo, Verizon was able to obtain intelligence report from third-party forensic experts (which the company doesn’t want to name) that ALL YAHOO USER ACCOUNTS were apparently affected by the 2013 Yahoo hacking incident.
It appears that the security experts who investigated the incident back then were not able to discover the full extent of the 2013 Yahoo breach. Jay Kaplan, former Defense Department cybersecurity expert and senior analyst at the National Security Agency was quoted as saying:
“Frankly, I don’t know how Yahoo got away with this.”
With ‘one billion’ affected users, Kaplan believes that it was enough for Yahoo to consider that all of the company’s user accounts might probably be compromised then. “My guess is that Yahoo was completely ‘owned’ across the board,” he went on to say.
However, the investigation results received by Verizon indicated that the stolen user accounts did not include passwords in clear text, payment card data, or any bank account information. In a statement released by the company through its Chief Information Security Officer, Chandra McMahon, it said:
“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats. Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”
Verizon is currently working with law enforcement to settle the issue. In addition to that, the company said that it would release direct email notifications and instructions to the other 2 billion Yahoo users that were affected by the 2013 Yahoo hacking incident.