Yahoo dropped a bomb on its users and stockholders on Wednesday: More than one billion users’ accounts have been stolen in an attack that took place in August of 2013.
One billion accounts compromised would mean that this breach far surpasses Myspace’s 360 million accounts and 427 million passwords stolen, making it the largest hack in history. Back in September, Yahoo revealed that 500 million accounts had been compromised, but this appears to be a separate event that doesn’t include those accounts.
Once the news broke, Yahoo’s shares dropped 2.5% in after-hours trading, possibly threatening Verizon’s $4.8 billion acquisition of the company. Since Yahoo didn’t reveal the previous hack until after they agreed to sell, Verizon already stated then that a hack may affect the terms or price of the sale
So far, Yahoo hasn’t been able to find exactly where the intrusion occurred but said a third-party accessed their proprietary code in order to forge cookies that would allow a hacker to access user accounts without a password. While they can’t find the intrusion itself, the company believes that the perpetrators are the same state-sponsored hackers behind the breach disclosed in September.
According to Yahoo, credit card, and bank account information is stored on a completely separate system than the one broken into and remains unaffected. However, the hackers were able to make off with most other personal information of their users, including usernames, email addresses, telephone numbers, dates of birth, passwords, and security questions and answers.